Information security does NOT only affect the ISboard. EVERY person must rethink their position towards secure and confidential information in their daily work as well as in private life to create a safe and reliable environment for all people and all information.
We at control IT want to make sure that all information and assets are highly protected.
The sketch represents our policy based on the information security guideline. Created by Alesia B. and Mayleen K. in May ’22 with the attention and support of the ISexecutive. Adjusted in November 2022.
We want to create a positive mindset and usual behavior towards information security for any stakeholder in any context of our business.
We use technological measures to manage access control, cryptography, physical safety and a safe work environment.
We provide a secure working environment for our employees and others working for us by introducing a Clean Desk Policy, Mobile Device Management, limited communication channels, a proper project management concept and recurring supplier control.
We introduced a system for treating all data protection and information security incidents in business activity. We do all necessary activities to manage and avoid these kinds of incidents. Compliance is very important to us; we don’t see it just as “follow the rules” but as an important part of our collaboration with all stakeholders around our business.
We classify our important, confidential and business-critical documents and manage them properly using document control and a classification concept (public, internal, confidential, secret) to provide an environment worthy of protection for all documents and data.
At control IT, a local ISteam is established, including relevant roles such as the ISservice (leading responsible domain officer), ISproduct (responsible person for all product-related topics) and IStechnology (responsible person for all IT-related topics) as local security champions responsible for the ISMS.
We protect the integrity, confidentiality and availability of all information regarding our employees and applicants by introducing guidelines on awareness, reprimand and competences.
We sustainably measure all attainment using a set of relevant and expressive KPIs to achieve a desirable ISMS, based on facts and figures.
We use and live an asset-based risk management to reduce and manage all risks as much as possible and protect all assets and processes with the goal of stable and reliable business continuity.
We use and live a Business Continuity Management System (BCMS) according to the ISO 22301 standard. Next to our extensive risk management, our BCMS provides several measures such as a Business Impact Analysis, Business Continuity Plans, disaster recovery and emergency (exercise) plans to protect our (time-)critical business processes.