Information Security Policy
INTRODUCTION
An information security policy is the cornerstone of an information security program. As such, this information security policy reflects webinar.net’s objectives for information security and the agreed-upon management strategy for securing information and continual improvement. webinar.net’s information security policy is its foundation for protecting webinar.net’s information, systems, and people, as well as its intellectual property, customer and partner relationships, company brand, and investor value.
PURPOSE
The purpose of the Information Security Policy is to set forth the underlying tenets, framework, and reasoning for webinar.net’s Information Security Management System (ISMS) in accordance with the requirements of ISO standard ISO/IEC 27001:2013.
INFORMATION SECURITY POLICY STATEMENT
It is the policy of webinar.net to protect the confidentiality, integrity, and availability (CIA) of the information held, in any form.
This Information Security Policy is supported and complemented by other policies, procedures, standards, and ISMS documentation.
webinar.net’s ISMS supports the following objectives:
- Demonstrate management commitment to, and support for, information security;
- Establish directives and principles for action in regard to information security;
- Ensure alignment with the company’s mission and vision;
- Ensure alignment with webinar.net requirements and contractual security obligations;
- Ensure alignment with applicable legal and regulatory requirements;
- Ensure alignment with applicable privacy requirements; and
- Ensure alignment of the ISMS with the enterprise risk management approach.
The risk management approach for the ISMS shall be aligned with the organization’s strategic risk management context.
webinar.net’s risk assessment criteria are derived from the ISO 27005 risk assessment methodology. webinar.net assesses risks to information assets qualitatively by estimating the impact and likelihood of information security events within the organization.
The ISMS Manager is responsible for maintaining this Information Security Policy, supporting its objectives and advising on its implementation.
Continual improvement needs will be determined by various methods. The ISMS Manager is responsible for ensuring that the improvement activity is operationalized based on factors such as alignment with business and security objectives, needed resources, budget, and technological feasibility, and that the improvement aligns with webinar.net’s security roadmap and is approved by either the ISMS Management Steering Committee or the Executive Committee, as applicable.
Conformance at every level to the Information Security Policy and all remaining ISMS policies, standards, and procedures is mandatory.
The Information Security Policy must be reviewed at least annually.
OWNERSHIP AND REVIEW
This Information Security Policy is owned by the ISMS Manager. This Information Security Policy shall be reviewed on an annual basis. Changes to this document shall be in accordance with the ISMS Document and Records Control Standard.