Risk Management

Risk Management Policy

Screendesk has designed a risk assessment program to assess the organization's enterprise-level risk at least annually or upon significant changes to the environment.

As part of the risk assessment process, Screendesk will do the following:

  1. Specify Screendesk's objectives and identify and assess risks related to these objectives.

  2. Identify and assess threats to, and vulnerabilities in, systems and services (the latter through changes to service commitments).

  3. Determine the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system relative to the information it processes, stores, or transmits.

  4. Integrate risk assessment results and risk management decisions with the organization, its mission, and/or its business process perspectives via system-level risk assessments.

  5. Document risk assessment results in the organization's risk registry and respond to the results in accordance with Screendesk's risk tolerance.

  6. Disseminate risk assessment results to key stakeholders (both of Screendesk's employees).

  7. Update the risk assessment when there are significant changes to the system, its operating environment, or other conditions that may impact the security or privacy of the system.

  8. Identify and assess potential fraud and its potential impact on the organization's objectives.

  9. Ensure management selects and develops manual and technical general control activities to assist in mitigating risks.

Given Screendesk's small size and the nature of its business (enabling customer support teams to request and send screen recordings for debugging), particular attention should be paid to:

  • Data privacy and protection risks associated with screen recordings

  • Security risks related to the use of Render.com as the cloud provider and Amazon S3 for storing recordings

  • Risks associated with the transmission and storage of potentially sensitive customer data

  • Compliance risks related to SOC2 Type 2 requirements

The CTO, in collaboration with the CEO, is responsible for conducting and documenting the annual risk assessment, as well as any additional assessments triggered by significant changes in the business environment or operations.
