# Information Security Roles and Responsibilities
Policy owner | Effective date |
---|---|
@ZJvandeWeg | 2023-06-01 |
# Purpose
FlowFuse is committed to conducting business in compliance with all applicable laws, regulations, and company policies. FlowFuse has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
# Roles and Responsibilities
# Board of directors
- Oversight over risk and internal control for information security, privacy, and compliance.
- Consults with executive leadership to understand FlowFuse's security mission and risks and provides guidance to bring them into alignment
# Executive Leadership
- Approves Capital Expenditures for Information Security and Privacy programs and initiatives
- Oversight over the execution of the information security and Privacy risk management program and risk treatments
- Communication Path to the Board of Directors
- Aligns Information Security and Privacy Policy based on FlowFuse's mission, strategic objectives and risk appetite
# CTO
- Oversight over information security in the software development process
- Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls
- Responsible for oversight over policy development
- Responsible for implementing risk management in the development process
# Systems Owners
- Maintain the confidentiality, integrity and availability of the information systems for which they are responsible in compliance with FlowFuse's policies on information security and privacy
- Approval of technical access and change requests for non-standard access to systems under their control
# Employees, contractors, temporary workers, etc.
- Acting at all times in a manner that does not place at risk the security of themselves, colleagues, and the information and resources they have use of
- Helping to identify areas where risk management practices should be adopted
- Adhering to company policies and standards of conduct
- Reporting incidents and observed anomalies or weaknesses
# Peopleops Manager
- Ensuring employees and contractors are qualified and competent for their roles
- Ensuring appropriate testing and background checks are completed
- Ensuring that employees and relevant contractors are presented with company policies and the Code of Conduct (CoC)
- Ensuring that employee performance and adherence to the CoC is periodically evaluated
- Ensuring that employees receive appropriate security training
Policy derived from Vanta