Security Organization
Security Organization and Management Policy
Security Roles and Responsibilities
Screendesk has an organizational structure that establishes, approves, implements, and monitors adherence to an Information Security Program through clear lines of authority and responsibilities.
Risk Committee
Given Screendesk's small size (2 employees), the Risk Committee consists of both employees, with the CTO serving as the primary responsible party for security matters. The Risk Committee has oversight responsibilities related to internal security controls.
Responsibilities include:
Approving and monitoring adherence to this policy
Ensuring data handling responsibilities are assigned, documented, and communicated
Performing the annual risk assessment
The Risk Committee meets at least quarterly and maintains formal meeting minutes.
Personnel
The following personnel are responsible for overseeing and implementing security and data protection practices throughout Screendesk:
CTO (Adrien Nhem, adrien@screendesk.io): Responsibilities include providing overall direction, leadership, and support on methods and tools for secure storage, retention, and disposal of Confidential and Sensitive data. The CTO also serves as the primary Systems Administrator.
CEO: Assists the CTO in implementing and maintaining security practices.
End Users (Employees, Consultants): Responsibilities include adhering to the organization's data protection policies, procedures, and practices and reporting instances of non-compliance to the CTO.
Vendors (includes Contractors and other Third Parties): Responsibilities include all those applicable to end users. In addition, vendors, contractors, and third parties are responsible for:
Avoiding any measure to alter standards that protect customer data
Completing due diligence and ongoing monitoring assessments per the requirements set forth in the Vendor Management Policy
Immediately notifying Screendesk of any policy violations involving customer data
Every end user and vendor is responsible for identifying and mitigating risks associated with the protection of Confidential information and must comply with all the policies within this Information Security Policy.
Policy Review
The CTO is responsible for reviewing Screendesk's policies and procedures on at least an annual basis to ensure they remain accurate and up-to-date with current operations and compliance requirements.