# Information Security Roles and Responsibilities
Policy owner | Effective date |
---|---|
@ZJvandeWeg | 2023-06-01 |
# Purpose
FlowFuse is committed to conducting business in compliance with all applicable laws, regulations, and company policies. FlowFuse has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
# Roles and Responsibilities
# Board of directors
- Oversight over risk and internal control for information security, privacy, and compliance.
- Consults with executive leadership to understand FlowFuse's security mission and risks and provides guidance to bring them into alignment
# Executive Leadership
- Approves Capital Expenditures for Information Security and Privacy programs and initiatives
- Oversight over the execution of the information security and Privacy risk management program and risk treatments
- Communication Path to the Board of Directors
- Aligns Information Security and Privacy Policy based on FlowFuse's mission, strategic objectives and risk appetite
# CTO
- Oversight over information security in the software development process
- Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls
- Responsible for oversight over policy development
- Responsible for implementing risk management in the development process
# Systems Owners
- Maintain the confidentiality, integrity and availability of the information systems for which they are responsible in compliance with FlowFuse's policies on information security and privacy
- Approval of technical access and change requests for non-standard access to systems under their control
# Employees, contractors, temporary workers, etc.
- Acting at all times in a manner that does not place at risk the security of themselves, colleagues, and the information and resources they have use of
- Helping to identify areas where risk management practices should be adopted
- Adhering to company policies and standards of conduct
- Reporting incidents and observed anomalies or weaknesses
# Peopleops Manager
- Ensuring employees and contractors are qualified and competent for their roles
- Ensuring appropriate testing and background checks are completed
- Ensuring that employees and relevant contractors are presented with company policies and the Code of Conduct (CoC)
- Ensuring that employee performance and adherence to the CoC is periodically evaluated
- Ensuring that employees receive appropriate security training
Policy derived from Vanta