...
Vertic has developed this IT policy and procedure document under the standard IT protocols to manage the risk associated with ICD. Our goal is to fundamentally protect and deter incidents from occurring, but to also instigate appropriate actions to detect, respond and recover should an incident occur.
Risk Area | Protect | Deter | Detect | Respond | Recover |
Secure offices | X |
|
|
|
|
Physical assets | X |
|
|
|
|
Client security & Confidential Data | X | X | X |
|
|
Client Access | X |
|
|
|
|
Monitoring |
| X | X |
|
|
System Audits |
| X | X |
|
|
Incident Management & Reporting |
|
|
| X | X |
Disciplinary Action | X | X |
|
|
|
Procedures | X |
|
|
|
|
Secure Offices /Work areas
...
All of Vertic’s employee use laptops and mobile that independently charge in case of power outages; this ensures that we have continued service. All of Vertic’s online services, like Salesforce and Atlassian, have their own data centres (and/or rely on Amazon AWS); this means that we are protected by multiple safeguards against utility and power failures.
Disposal of e-Waste
Once an existing digital assets, such as a laptop or phone, has been decomissioned, it must be disposed of correctly by using an accredited e-waste disposal agency for which a destruction certificate must be provided as proof of such a disposal.
Privileged Utility Programs
...
Depending on the nature of the inappropriate use of Vertic ICD, non-compliance with this Policy may constitute:
A breach of employment obligations;
Serious misconduct;
A criminal offence;
A threat to the security of the company’s ICD;
An infringement of the privacy of employees and other persons; and/or
Exposure to legal liability.
Non-compliance with this Policy will be regarded as a serious matter and appropriate action will be taken.
...