Author: Danielle Johnsen (VP of Compliance)
Date: 5 April 2017
This document defines Digital Edge’s policy on Information Security and is based on the following principles.
|1.0||March 27, 2017||Initial policy|
|2.0||April 5, 2017||Approved by ISO review board|
The confidentiality, integrity and availability of information are of great importance to the operation of Digital Edge and its executives. Failure in any of these areas can result in disruption to the services that Digital Edge provides, as well as loss of confidence in the Digital Edge team by current and potential clients. The security of our information and other assets is therefore regarded as fundamental to the successful operation of Digital Edge.
Provision of Information Security for Help Desk, Support, Project Processing and Cloud Service Delivery Solutions to Commercial, Federal, Civilian, DoD and Intelligence Communities.
The selection of the risk reducing measures is documented in the Statement of Applicability (SOA) version 3.2 of 23 March 2017.
These policy objectives are achieved through the implementation of our Information Security Policy, which includes security standards, procedures and guidelines developed in accordance with ISO 27001:2013. It is Digital Edge’s policy to:
Ultimate responsibility for the execution of this policy rests with the Chief Information Security Officer (CISO) of Digital Edge. The executives and heads of departments, assisted by the VP of Compliance, are responsible for the production and maintenance of Digital Edge's Security Policies, the controls to enforce the policies and the provision of advice and guidance on its implementation and maintenance.
All breaches of information security will be reported according to Digital Edge's Information Security Policies and Procedures and investigated by appropriate staff according to the Incident Response Plan.
It is the responsibility of all staff to adhere to this policy.
Digital Edge reserves the right to inspect any data stored on Digital Edge's infrastructure or telecommunication systems, or transmitted or received via Digital Edge’s networks, during the investigation of security incidents, or safeguarding against security threats.
Within this policy, the following individuals have the following responsibilities:
|Execution of this policy||CISO|
|Sponsor and Quality Assurance of this policy||VP of Compliance|
|Production, maintenance, control of this policy||VP of Compliance|
|Protection of Information Systems and assurance that security processes and controls have been carried out||VP of Operation Security|
|Initiation, coordination and investigation of potential breaches in policy||VP of Compliance|
|Ensuring staff have an awareness of and put appropriate controls in place to adhere to the policies||VP of Operation Security|
|Provide advice, guidance, training and support on information security||CISO|
|Adherence to policy||All staff|
This Information Security Policy will be reviewed annually or updated as necessary by the Compliance Team to ensure that it remains current in the light of relevant legislation, organizational procedures or contractual obligations. Changes will be agreed by the Digital Edge ISO Board, and authorization and quality assurance will be provided by the Digital Edge ISO Board.