...
Does your organisation have an internal audit function that ensures information security requirements are being met by the business?

Yes. Our ISMS is audited annually, both internally and externally, along with other review mechanisms as part of our ISO27001 requirements. More information: https://commonplace.atlassian.net/l/cp/3HgecJNc

Does your organisation conduct security risk assessments for your full IT estate at least annually? Do you have a formally documented and board level approved risk management framework? Do you conduct regular risk and control assessments taking into account the latest vulnerabilities and changes to the threat landscape?

Yes. As part of our ISMS we have a fully documented risk assessment and treatment process, which is reviewed regularly and at least annually. We maintain an organisation-wide risk register for IT and data security issues.
...