Information Security Roles and Responsibilities

Policy owner Effective date
@ZJvandeWeg 2023-06-01


FlowFuse is committed to conducting business in compliance with all applicable laws, regulations, and company policies. FlowFuse has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.

Roles and Responsibilities

Board of directors

  • Oversight over risk and internal control for information security, privacy, and compliance.
  • Consults with executive leadership to understand FlowFuse's security mission and risks and provides guidance to bring them into alignment

Executive Leadership

  • Approves Capital Expenditures for Information Security and Privacy programs and initiatives
  • Oversight over the execution of the information security and Privacy risk management program and risk treatments
  • Communication Path to the Board of Directors
  • Aligns Information Security and Privacy Policy based on FlowFuse's mission, strategic objectives and risk appetite


  • Oversight over information security in the software development process
  • Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls
  • Responsible for oversight over policy development
  • Responsible for implementing risk management in the development process

Systems Owners

  • Maintain the confidentiality, integrity and availability of the information systems for which they are responsible in compliance with FlowFuse's policies on information security and privacy
  • Approval of technical access and change requests for non-standard access to systems under their control

Employees, contractors, temporary workers, etc.

  • Acting at all times in a manner that does not place at risk the security of themselves, colleagues, and the information and resources they have use of
  • Helping to identify areas where risk management practices should be adopted
  • Adhering to company policies and standards of conduct Reporting incidents and observed anomalies or weaknesses

Peopleops Manager

  • Ensuring employees and contractors are qualified and competent for their roles
  • Ensuring appropriate testing and background checks are completed
  • Ensuring that employees and relevant contractors are presented with company policies and the Code of Conduct (CoC)
  • Ensuring that employee performance and adherence the CoC is periodically evaluated
  • Ensuring that employees receive appropriate security training

Policy derived from Vanta