SuccessKPI ISMS Policy Statement
SuccessKPI understands the importance of providing a secure and trusted solution, by not only understanding our own environment, but also by understanding the external factors around us, the laws and regulations that govern us, the individual needs of our customers and the privacy of those utilizing our solutions.
Our Security program and policies are designed to:
- Establish and maintain an Information Security Management System (ISMS) recognized by global security standards, certified against ISO (International Standards Organization) 27001:2013, and continually reviewed to improve the system with established and evolving controls.
- Comply with all applicable legal, contractual, and regulatory obligations, by proactively growing and adapting to environmental conditions and the operational conditions of both suppliers and customers.
- Provide secure and reliable working conditions through the implementation of technical architecture and governance, health, and safety standards, incorporating ISMS requirements into our daily working practice in a way that does not place limitations on our effectiveness.
Our Security Leadership is responsible for defining, implementing, and maintaining our vision, purpose, and methodology, with full support of executive leadership. We do this through the following commitments:
- Implement and maintain the Information Security Program at SuccessKPI.
- Continuously improve and align Information Security Practices to global best practices and standards.
- Information Security policies shall be reviewed regularly. It shall be ensured that the employees understand the policies and abide by them.
- Security Awareness training shall be imparted regularly.
- Internal Assessments or Audits of SuccessKPI’s Information Security Program shall be performed on a periodic basis and any gaps or findings shall be remediated in a timely manner.
- A Risk Assessment process for SuccessKPI’s information assets shall be defined and followed. Risk reduction shall be carried out through the process of continuous improvement.
- SuccessKPI’s information asset inventories shall be reviewed and updated when a new asset is added.
- Business continuity plans shall be reviewed and tested. Roles and responsibilities shall be clearly defined, and all those involved need to be aware of them.
- Information should be classified and handled according to its criticality and sensitivity, and in line with relevant legislative, regulatory and contractual requirements.
- Appropriate contacts with relevant authorities and special interest groups or other specialist security forums shall be maintained.
- Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.
- Detection, prevention and recovery controls to protect against malware shall be implemented by SuccessKPI, combined with appropriate user awareness.
If you have any questions, please email us at privacy@successkpi.com
Last Modified: July 7, 2022