CERRIX Documentation
Strategic Information Security Policy

Last updated 1 day ago

Our strategic information security policy is a high-level document that outlines our commitment to protecting information assets and managing risks associated with information security. It defines the guiding principles, roles, and responsibilities for ensuring the confidentiality, integrity, and availability of information across our organization. This policy aligns with business objectives and regulatory requirements, setting a framework for decision-making on security matters.

Key elements include:

  1. Scope and Purpose: Describes the policy's relevance to all information assets, systems, and employees.

  2. Roles and Responsibilities: Defines who is accountable for security tasks, from executive leadership to end users.

  3. Risk Management Approach: Outlines how risks are identified, evaluated, and mitigated.

  4. Compliance and Standards: References relevant standards (e.g., ISO 27001, GDPR) and regulatory compliance requirements.

  5. Enforcement and Review: States consequences for non-compliance and establishes a schedule for regular review and updates.

This policy provides the foundational direction for all security initiatives and helps ensure a cohesive and proactive security posture organization-wide.

Attachment: Strategic Information security policy v2.1 ondertekend.pdf (PDF, 1MB)