...

Does your organisation conduct security risk assessments for your full IT estate at least annually? Do you have a formally documented and board-level approved risk management framework? Do you conduct regular risk and control assessments taking into account the latest vulnerabilities and changes to the threat landscape?

Yes, as part of our ISMS we have a fully documented risk assessment and treatment process, which is reviewed regularly and at least annually. We maintain an organisation-wide risk register for IT and data security issues.

More information: https://commonplace.atlassian.net/l/cp/1z05F0ZZ

Does your organisation have a formal confidentiality or non-disclosure agreement in place for all staff, contractors and third parties?

Yes.

...