1. Purpose, scope, and users
The purpose of this document is to outline the requirements Resolver must meet for all activities related to the initiation, implementation, and record-keeping of corrections and corrective actions.
This procedure is applied to all the activities implemented in the Information Security Management System (ISMS) and to all personal data processing activities.
Users of this document are the ISMS team.
2. Reference documents
- ISO/IEC 27001 standard, clause 6.2
3. Resolver’s Information Security objectives for 2020
- Employees are knowledgeable about information security, the ISMS, and their role in protecting Resolver and our customers
  - KPI: at least 90% successful completion of annual InfoSec awareness training
- Complete an annual internal Information Security Audit based on the ISO 27001/2 framework with no major non-conformities
- Keep customers’ data safe and secure
  - KPI: no data breaches and no data leakage
- Keep Resolver’s informational assets safe and secure
  - KPI: an open rate of less than 10% in a monthly phishing attack simulation
- Keep the company's cyber security rating at a high level when compared to industry benchmarks
  - KPI: the company's cyber security rating should not go below 740 points from BitSight tech or below 80 points from SecurityScorecard
4. Validity and document management
This document is valid as of August 2020.
The owner of this document is the CISO, who must check and, if necessary, update the document at least once a year.
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
- the number of incidents arising from the unclear definition of the ISMS scope
- the number of corrective actions taken due to an inadequately defined ISMS scope
- the time put in by employees implementing the ISMS to resolve dilemmas concerning the unclear scope
EFFECTIVE ON: September 2020
REVIEW CYCLE: At least annually and as needed
REVIEW, APPROVAL & CHANGE HISTORY: Last reviewed and approved in August 2020 by Resolver’s Information Technology Security team.