Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:infosec

Differences

This shows you the differences between two versions of the page.

wiki:policies:infosec [2023/05/26 22:57]
kholub
wiki:policies:infosec [2023/12/13 21:02]
kholub
Line 1: Line 1:
-====== Information Security Policies ======+====== Information Security Policy ======
  
 ===== Information Security Organization ===== ===== Information Security Organization =====
Line 43: Line 43:
 ==== Data Protection Officer (DPO) ==== ==== Data Protection Officer (DPO) ====
  
-The DPO, responsible for approving data processing projects, will be Karl Holub+The DPO, responsible for reviewing and approving data processing projects, is Karl Holub
 + 
 +In brief, the DPO: 
 + 
 +  * Is made available for all product & support teams, for reporting & planning any changes to data processing 
 +  * Monitors for changes that are of consequence to our data processing policies, including: 
 +      * Code changes and releases 
 +      * Third party vendors & subprocessor additions 
 +      * Internal tooling & workflow changes 
 +  * Maintains records of compliance, associated directly with the issue tracker, processor record 
 +  * Reports to the CEO on activities and compliance on a regular basis 
 + 
 +**DPO Email:**  [[karl.holub@nested-knowledge.com?subject=Data Protection Inquiry|karl.holub@nested-knowledge.com]]
  
 ==== Data Protection Impact Analysis Plan ==== ==== Data Protection Impact Analysis Plan ====
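Review bot: The added "DPO Email" line hard-codes one individual's address, so the documented contact point goes stale whenever the role changes hands; a role-based alias that forwards to the current DPO would survive that. In the added bullets, "Maintains records of compliance, associated directly with the issue tracker, processor record" reads like a list that was cut short and should say which records are kept where, and "on a regular basis" would be easier to audit against if it named a cadence.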
Line 84: Line 96:
  
 Employee training requirements are based on the [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:data|data classification system]]. All employees and contractors will be provided with our data protection policy. Those who deal with confidential data, restricted use data, or high-risk personal data will be required to demonstrate understanding of our data protection procedures. Employee training requirements are based on the [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:data|data classification system]]. All employees and contractors will be provided with our data protection policy. Those who deal with confidential data, restricted use data, or high-risk personal data will be required to demonstrate understanding of our data protection procedures.
 +
 +==== Communicating Updates ====
 +
 +As [[:wiki:policies:third_party#communicating_updates|described in our Third Party Policy]], we will notify users of changes to how their data is processed at least 7 days in advance.
  
 ====== Backup Plan ====== ====== Backup Plan ======
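Review bot: The new "Communicating Updates" sentence repeats the "at least 7 days in advance" figure that it says is described in the Third Party Policy, so the two pages can drift apart if only one is edited; either defer to the linked section for the number or state which page is authoritative. The sentence also does not say through which channel users are notified.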
Line 133: Line 149:
 ^Author^Date of Revision/Review^Comments/Description| ^Author^Date of Revision/Review^Comments/Description|
 |K. Cowie|11/17/2021|Initial Draft Completed| |K. Cowie|11/17/2021|Initial Draft Completed|
-|K. Holub|02/09/2023|Tracking restoration history|+|K. Holub|12/13/2023|Better defining DPO role|
 |K. Kallmes|11/19/2021|Draft approved| |K. Kallmes|11/19/2021|Draft approved|
 |P. Olaniran|11/7/2022| | |P. Olaniran|11/7/2022| |
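Review bot: The K. Holub row is overwritten in place (02/09/2023 "Tracking restoration history" becomes 12/13/2023 "Better defining DPO role"), which removes the earlier revision from the history table; append a new row for 12/13/2023 and keep the 02/09/2023 entry. The rows are also not in date order, and the P. Olaniran entry has an empty description, both of which make the table harder to use as a review record.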
wiki/policies/infosec.txt · Last modified: 2023/12/13 21:15 by kholub