...

Specifically, this document sets out:

  • The context of the organization

  • External and internal issues relevant to the purpose of Vertic Pty Ltd

  • Interested parties relevant to the ISMS

  • Information security requirements of these interested parties

  • The scope of the ISMS, including its boundaries and applicability

This document will be updated at least annually and when significant change happens to the relevant areas covered.

...

Vertic Pty Ltd consists of the following organisational functions:

  • Project Management

  • Solution Design and Architecture Consulting

  • Solution Testing and Deployment

  • Implementation Advice and Guidance

  • Technical Development (Programming)

  • Reporting and Dashboard Development

  • Solution Documentation and Training Material Development

An organization chart is shown below:

...

Vertic Pty Ltd has relationships with several organisations to which it has outsourced aspects of its business activities. These are summarised in the following table.

| ORGANIZATION NAME | OUTSOURCED ACTIVITIES | INTERFACES | DEPENDENCIES |
|---|---|---|---|
| Salesforce | Data Centre Hosting | Development | Delivery of the SaaS application |
| Atlassian | Data Centre Hosting | Project Management | Delivery of Solutions |

...

For the financial year 2022/2023 Vertic Pty Ltd has set the following major business objectives:

  • Maintenance of current technical support clients; these are recurring revenue clients

  • Growth into packaged solutions, specifically for the NDIS sector (via our Maica offering)

  • Revenue growth of 10%, as staffing constraints limit our ability to maintain quality beyond this.

Business policies

Policies have been set by the organization in a variety of areas, and these must be taken into account during the information security planning process to ensure that they are met. The main relevant policies are:

  • Corporate Risk Management Strategy

  • Human Resources Policy

  • Home Working Policy

  • Flexible Working Policy

  • Equality and Diversity Policy

  • Internet Acceptable Use Policy

  • Information Security Policy

  • IT Access Control Policy

  • Legal Responsibilities Policy

Internal and external issues

...

With regard to the Vertic Pty Ltd business itself, there are a number of relevant internal issues.

These include:

  • Uncertainties in employee private concerns; a few employees have encountered personal matters that have required time away from Vertic

  • Location moves; at times, employees have been required to move and relocate, especially in recent times in Europe

  • Resources and knowledge of the organization; it’s difficult to find the right resources, both in terms of skill and experience.

These general internal issues will be considered in more detail as part of the risk assessment process.

External issues

With regard to the external environment in which Vertic Pty Ltd operates, there are a number of relevant external issues.

These include:

  • Political landscape; this is particularly relevant for our outsourced technical team, as they are natively based in Belarus.

  • Economic impacts of COVID; most organisations in Australia have been impacted by COVID in some way so Vertic is no exception to this

  • Supporting technologies and infrastructure; we rely on the NDIS digital systems and policies as well as Salesforce to ensure our products are marketable and attractive to our clients.

These general external issues will be considered in more detail as part of the risk assessment process.

Risk appetite

The ISMS is designed to address the major risks that are identified to the information security of Vertic Pty Ltd. In identifying, assessing and managing these risks there are several options open to the organization according to its appetite for risk.

...

The following are defined as interested parties that are relevant to the ISMS:

  • Shareholders

  • Suppliers

  • Customers

  • Regulatory bodies

  • Employees of the organization

  • Contractors providing services to the organization

  • National or local government organisations

A list for each Interested Party is shown below:

...

The impact of any specific incident will obviously depend upon its nature and a comprehensive risk assessment is maintained to assess and mitigate those that can be reasonably identified. In general terms the potential impact of an inability to perform normal business processes will be shown in one or more of the following key areas:

  • Loss of sales revenue

  • Loss of reputation/customer confidence

  • Breach of contractual obligations

  • Loss of business opportunity

Any security incident could affect Vertic’s credibility and therefore our ability to secure clients, which will ultimately lead to loss of revenue.

Information security objectives

Based on the requirements and issues set out in this document, the following major objectives are set for information security:

  • Objective 1 – Maintain shareholder confidence

  • Objective 2 – Maintain customer service levels & data security

  • Objective 3 – Minimise loss of revenue

The success of the ISMS will be judged on its ability to meet these overall objectives.

...