Information Security Management System


Key Rules

Information security does NOT only affect the ISboard. EVERY person must rethink their position towards secure and confidential information in their daily work as well as in their private life to create a safe and reliable environment for all people and all information.

We at control IT want to make sure that all information and assets are highly protected.

The sketch represents our policy, based on the information security guideline. Created by Alesia B. and Mayleen K. in May ’22 with the attention and support of the ISexecutive. Adjusted in November 2022.

Scope

Development and deployment of a portfolio management software as SaaS in the Microsoft Azure Cloud.
  • Rule #1

    Main objectives/goals

    We want to create a positive mindset and habitual behavior towards information security for every stakeholder in every context of our business.

  • Rule #4

    IT safety

    We use technological measures to manage access control, cryptography, physical safety and a safe work environment.

  • Rule #7

    Work environment

    We provide a secure working environment for our employees and others working for us by introducing a Clean Desk Policy, Mobile Device Management, limited communication channels, a proper project management concept and recurring supplier control.

  • Rule #2

    Compliance & managing information security incidents

    We introduced a system for treating all data protection and information security incidents in business activity. We carry out all necessary activities to manage and avoid these kinds of incidents. Compliance is very important to us; we don’t see it just as “follow the rules” but as an important part of our collaboration with all stakeholders around our business.

  • Rule #5

    Document management system

    We classify our important, confidential and business-critical documents and manage them properly using document control and a classification concept (public, internal, confidential, secret) to provide an environment worthy of protection for all documents and data.

  • Rule #3

    Personnel security

    We protect the integrity, confidentiality and availability of all information regarding our employees and applicants by introducing guidelines on awareness, reprimand and competences.

  • Rule #6

    Measurement

    We sustainably measure all attainment using a set of relevant and expressive KPIs to achieve a desirable ISMS, based on facts and figures.

  • Rule #8

    Risk management

    We use and live asset-based risk management to reduce and manage all risks as much as possible and to protect all assets and processes, with the goal of stable and reliable business continuity.
