Stated Objective

Our management team is committed to updating and maintaining our information security program. As part of that initiative, the management team is tasked with periodically reviewing information security policies and procedures to ensure that our company is in compliance with said policies and procedures. The management team is also responsible for managing a risk assessment program to ensure that risks are identified, evaluated and mitigated. Finally, the management team is responsible for ongoing planning to ensure that efficiency and security continue to improve.

Team Members

  • Representatives from the IT, Engineering, Services and Executive teams shall be included in the Management Oversight Team
  • The CTO (Chief Technical Officer) shall act as the CISO (Chief Information Security Officer)

Quarterly Meetings

The team shall meet on a quarterly basis for planning purposes.

  • Plans for the upcoming quarter are created
  • Initiatives in progress are reviewed (and updated as needed)

Policy and Procedure Review

  • There shall be an annual review of all information security policies and procedures.
  • Policies and procedures shall be reviewed and updated when:
    • A customer brings any security issue to our attention
    • A staff member brings any security issue to our attention
    • A potential issue is identified by any recognized information security authority (e.g. Microsoft or OWASP)
  • The Risk Management Policy shall be reviewed to ensure that new and existing risks are identified and mitigated
  • The Corporate Compliance Policy shall be reviewed to ensure changes to all pertinent laws and regulations are incorporated into our policies and procedures
  • Minutes shall be kept from all information security meetings to evidence the various topics covered/decisions made

Review Criteria

  • Policies and procedures are properly maintained.
  • There is written evidence of policy/procedure compliance.
  • Open issues are logged and remediated in a reasonable time frame.
  • Policies/procedures are compliant with all relevant statutory, regulatory and contractual requirements.

Remediation

  • Any issues found shall be logged in our ticketing system and assigned to appropriate teams for resolution
  • Resolution of issues shall be documented to ensure closure

Revision 1.0.1 - last updated December 4, 2019