Information Security
This document describes the processes that support the following company policies:
- Information Security Policy: Annotated Notes Drata Policy
Policy Review
Performed by role: Security Officer
Perform an annual review with senior management and key personnel:
- Discuss, evaluate and document the company’s ISP, ensuring strategic goals and objectives are continually being developed.
- Ensure all ISP policies are reviewed and/or edited to meet necessary security standards. All policies must be signed and approved by authorized personnel (TODO: who is authorized personnel? What is the process to sign?).
Policy Changes
Performed by role: Security Officer
- Notify employees of security updates and changes, and remind them of the security responsibilities to be undertaken, via annual security awareness training and annual policy acknowledgements
- Notify of incidents as needed, via email or appropriate Slack channels
Annual Security Awareness Training
Performed by role: Security Officer
TODO