Information Security Roles Responsibilities, Procedures, and Authorities


The responsibility for overseeing our information security processes falls directly to the owners of Vertic Pty Ltd: Jan Tenenberg, Stephen Kent, and Matt Romeo. We have divided these responsibilities using the following high-level structure:

  • Jan Tenenberg (Information Security Manager) to:

    • Oversee the overall quality assurance processes defined within the ISO 27001 standards and guidelines

    • Set up the systems and processes to support the information security processes required to service Vertic’s clients

  • Stephen Kent (Internal Information Security Auditor) to:

    • Clearly define the scope of an implementation and the responsibilities of Vertic’s clients

    • Clearly define all relevant implementation assumptions that impact the implementation of Vertic’s services

  • Matt Romeo (Information Security Admin) to:

    • Oversee the technical outsourcing team and the required controls to ensure information is managed securely

    • Implement the relevant technologies to effectively communicate with our technical outsourcing team

Internal Incident Procedure

Should an internal incident occur that requires documentation and action, the following process is to be followed:

  1. Use Vertic’s Salesforce environment to log a Case with the following minimum details:

    1. Case Name

    2. Date

    3. Impact

    4. Priority

    5. Urgency

    6. Key Contact

  2. Vertic’s Information Security Team (as detailed above) will take action as appropriate

  3. All ongoing communications for the particular case will be managed within Salesforce and related to the case.

An example case can be seen here: .

All other relevant information is described within the ISMS-DOC-05-2 Information Security Roles Responsibilities and Authorities document.
