Our management team is committed to maintaining our information security program. As part of that initiative, the management team is tasked with periodically reviewing information security policies and procedures to ensure that our company is in compliance with said policies and procedures. The management team is also responsible for managing a risk assessment program to ensure that risks are identified, evaluated and mitigated.

Team Members

  • Representatives from the IT, Engineering, Services and Executive teams shall be included in the Management Oversight Team
  • The CTO (Chief Technical Officer) shall act as the CSO (Chief Security Officer)

Policy and Procedure Review

  • There shall be a bi-annual review of all security policies and procedures.
  • Policies and procedures shall be reviewed and updated when:
    • A customer brings any security issue to our attention
    • A staff member brings any security issue to our attention
    • A potential issue is identified by any recognized information security authority (e.g. Microsoft or OWASP)
  • Minutes shall be kept from all information security meetings to evidence the various topics covered/decisions made

Review Criteria

  • Policies and procedures are properly maintained
  • There is written evidence of policy/procedure compliance
  • Open issues are logged and remediated in a reasonable time frame
  • Policies/procedures are compliant with all relevant statutory, regulatory and contractual requirements.

Remediation

  • Any issues found shall be logged in our ticketing system and assigned to appropriate teams for resolution
  • Resolution of issues shall be documented to ensure closure