Nested Knowledge

Bringing Systematic Review to Life

wiki:policies:infosec

Differences

This shows you the differences between two versions of the page.

wiki:policies:infosec [2023/08/30 15:17]
katcow
wiki:policies:infosec [2023/12/13 21:15] (current)
kholub
Line 43: Line 43:
 ==== Data Protection Officer (DPO) ==== ==== Data Protection Officer (DPO) ====
  
-The DPO, responsible for approving data processing projects, is Karl Holub.+The DPO, responsible for reviewing and approving data processing projects, is Karl Holub. 
 + 
 +In brief, the DPO: 
 + 
 +  * Is made available for all product & support teams, for reporting & planning any changes to data processing 
 +  * Monitors for changes that are of consequence to our data processing policies, including: 
 +      * Code changes and releases 
 +      * Third party vendors & subprocessor additions 
 +      * Internal tooling & workflow changes 
 +  * Monitors subprocessor communications for terms and conditions and subprocessor updates 
 +  * Maintains records of compliance, associated directly with the issue tracker, processor record 
 +  * Reports to the CEO on activities and compliance on a regular basis
  
 **DPO Email:**  [[karl.holub@nested-knowledge.com?subject=Data Protection Inquiry|karl.holub@nested-knowledge.com]] **DPO Email:**  [[karl.holub@nested-knowledge.com?subject=Data Protection Inquiry|karl.holub@nested-knowledge.com]]
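
Review bot: The added bullet "Maintains records of compliance, associated directly with the issue tracker, processor record" ends in a dangling "processor record", so it is unclear whether the records live in the issue tracker, in a processor record, or in both; suggest rewording it to name each record location explicitly. The final bullet's "on a regular basis" also leaves the reporting cadence to the CEO undefined, and stating an interval would make the obligation auditable.
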
Line 86: Line 97:
  
 Employee training requirements are based on the [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:data|data classification system]]. All employees and contractors will be provided with our data protection policy. Those who deal with confidential data, restricted use data, or high-risk personal data will be required to demonstrate understanding of our data protection procedures. Employee training requirements are based on the [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:data|data classification system]]. All employees and contractors will be provided with our data protection policy. Those who deal with confidential data, restricted use data, or high-risk personal data will be required to demonstrate understanding of our data protection procedures.
 +
 +==== Communicating Updates ====
 +
 +As [[:wiki:policies:third_party#communicating_updates|described in our Third Party Policy]], we will notify users of changes to how their data is processed at least 7 days in advance.
  
 ====== Backup Plan ====== ====== Backup Plan ======
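
Review bot: The new "Communicating Updates" paragraph restates the "at least 7 days in advance" figure while also attributing it to the Third Party Policy, so the two pages can drift apart if only one is edited later. Suggest keeping the number in one policy and linking to it from the other, or stating here which page is authoritative.
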
Line 135: Line 150:
 ^Author^Date of Revision/Review^Comments/Description| ^Author^Date of Revision/Review^Comments/Description|
 |K. Cowie|11/17/2021|Initial Draft Completed| |K. Cowie|11/17/2021|Initial Draft Completed|
-|K. Holub|05/26/2023|Off provider database back ups|+|K. Holub|12/13/2023|Better defining DPO role|
 |K. Kallmes|11/19/2021|Draft approved| |K. Kallmes|11/19/2021|Draft approved|
 |P. Olaniran|11/7/2022| | |P. Olaniran|11/7/2022| |
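
Review bot: In the revision table, the K. Holub row dated 05/26/2023 ("Off provider database back ups") is overwritten by the 12/13/2023 entry rather than a new row being appended, which drops the earlier revision from the policy's change log. Suggest restoring the 05/26/2023 row and adding "Better defining DPO role" as a separate row.
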
wiki/policies/infosec.1693408635.txt.gz · Last modified: 2023/08/30 15:17 by katcow