Leadership, Governance and Strategy Policy

Netspective Unified Process
 

The purpose of the Leadership, Governance and Strategy Policy is to direct and control the overall approach to Information Security within Netspective Communications LLC. [FII-SCF-001-GOV-01]

Information Security Governance and Leadership

  • The board of directors of Netspective Communications LLC shall actively establish an Information Security committee comprising senior members from both the IT and business departments. The committee will consist of a maximum of 6 members who will oversee Information Security across Netspective Communications LLC. The Information Security committee will be led by a senior auditor responsible for implementing controls.
  • The committee will regularly report to the board of directors, providing updates on various aspects of Information Security, at least on a monthly basis. The board of directors will take the initiative to establish an Information Security charter for the committee, defining objectives, goals, key performance indicators, committee meetings, minimum representation, and decision rights for its members.
  • Roles and responsibilities for each Information Security member will be established by the board of directors, communicated in writing, and closely monitored to ensure efficient execution. The board of directors will provide necessary funds to support the operation of the Information Security function.
  • Additionally, the board of directors will formally appoint a Chief Information Security Officer (CISO), a Risk team, and an Audit team, clearly defining their goals and ensuring that only qualified individuals can hold positions as CISO, Chief Risk Officer (CRO), or Audit committee members.
  • The board of directors will maintain oversight and stay informed about major changes in roles, responsibilities, business operations, Information Security projects, and tools impacting Cyber/Information Security. Regular board meetings and Information Security meetings will be organized at least once a quarter.
  • The board of directors will bear the responsibility of providing guidance and assistance in resolving Information Security incidents.

Information Security Strategy

  • The Information Security committee shall create a short-term (1 year) and long-term (3 to 5 year) Information Security strategy by consulting senior representatives such as the architecture committee, software development, and business heads. This Information Security strategy shall include what will be done in the short term and long term and how success shall be measured using key performance indicators.
  • The Information Security strategy shall be reviewed and approved by the committee, the business heads, and the board of directors. The Information Security committee shall ensure that the strategy is aligned with the business and is able to scale in the future.
  • Information Security strategy shall prioritize policy creation, approval, dissemination, and changes.
  • The funds needed for operating the Information Security function shall be provided, and cash flow and spending shall be monitored, replenished, and acted upon to take corrective measures.
  • An Information Security incident management function shall be formed to take care of security incidents and shall provide the tools, resources, processes, policies, frameworks, and standards to be followed.
  • The steering committee shall approve appointments, purchase of tools, processes, strategic changes that impact security, architecture, and infrastructure changes.
  • The strategy shall include:
    • Monitoring compliance, regulations
    • Incidents that impact business and growth
    • Money spending and its return on investments
    • Process improvements to be implemented to yield benefits
    • Audit findings and corrections
    • External audits, customer audits
    • Customer security complaints and resolutions and preventive actions
  • The steering committee shall provide an update to the board of directors every quarter on the strategy that was set and its achievements, gaps, and assistance needed from the board in achieving required goals.
  • The steering committee shall make use of techniques such as SWOT and Balanced Scorecard to set strategy and actions, and shall monitor achievements versus the plan on a monthly basis.


Approved by Ajay Kumaran Nair on June 19, 2023
Last Updated by Arun K R on June 19, 2023