Information Security Policy


Netspective Communications LLC ensures protection of its assets and data from unauthorized access and disclosure through the Information Security Policy (ISP). The ISP also maintains data confidentiality and integrity throughout the organization.

  • Information security requires both an information risk management function and an information technology security function. Depending on the structure of the entity, an individual or group can serve in both roles, or a separate individual or group can be designated for each role. It is recommended that these functions be performed by a high-level executive or a group that includes high-level executives.

    • Each entity must designate an individual or group to take responsibility for the risk management function.
  • The enterprise views risk-related considerations for information assets and individual information systems, including authorization decisions, in the context of overall strategic goals and objectives for carrying out its core missions and business functions.

  • The enterprise ensures mission/business success by reflecting risk tolerance and considering the management of information assets and information system-related security risks along with other types of risks.

  • The entity must designate an individual or group to take responsibility for the technical information security function. For clarity and readability, this policy refers to the individual or group as the Information Security Officer (ISO)/designated security representative. This function evaluates and advises on information security risks.

  • The project manager, team, and management must be consulted when making information security risk decisions.

  • While third parties may handle the technical information security function, each entity remains ultimately responsible for the security of its owned information.

Related Policies

  • Information Risk Management
  • Information Classification and Handling
  • IT Asset Management
  • Personnel Security
  • Cyber Incident Management
  • Physical and Environmental Security
  • Account Management and Access Control
  • Systems Security
  • Network Systems
  • Vulnerability Management
  • Operations Security

Approved by Ajay Kumaran Nair on June 16, 2023

Last updated by Arun K R on June 16, 2023