The purpose of this document is to clearly define the boundaries of the Information Security Management System (ISMS) in Resolver Inc.
The ISMS covers the development, hosting, and supporting activities for Resolver’s Integrated Risk Management applications comprised of Risk and Incident Management, Audit, Compliance, Internal Controls, Business Continuity, and Emergency Management, IT Risk and Compliance, and Vulnerability Management
Specifically, the following products are included in the ISMS:
This document is applied to all documentation and activities within the ISMS.
Users of this document are members of Resolver Inc management, members of the project team implementing the ISMS:
CISO, Information Security Team members, DevOps Team members, IT department team members.
The organization needs to define the boundaries of its ISMS in order to decide which information it wants to protect. Such information will need to be protected no matter whether it is additionally stored, processed, or transferred in or out of the ISMS scope. The fact that some information is available outside of the scope doesn’t mean the security measures won’t apply to it – this only means that the responsibility for applying the security measures will be transferred to a third party who manages that information.
Taking into account the legal, regulatory, contractual, and other requirements, the ISMS scope is defined as specified in the following items:
Development, DevOps, HR, Customer Success, Legal, Information Security, Information Systems (IT).
111 Peter St, Suite 804, Toronto, ON, M5V 2H1, Canada
Toronto Office network infrastructure
Edmonton Office network infrastructure
|Vendor Name||Description of Service(s) Provided|
|AWS||Cloud Service Provider, hosting|
|Rackspace||Cloud Service Provider, hosting|
This document is valid as of July 2020
The owner of this document is CISO who must check and, if necessary, update the document at least once a year.
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
EFFECTIVE ON: September 2020
REVIEW CYCLE: Annual at least and as needed
REVIEW, APPROVAL & CHANGE HISTORY: Last time reviewed and approved in August 2020 by Resolver’s Information Technology Security team.