Uprise Security Roles and Responsibilities
Individuals who possesses rights to access the data of the organization to perform their assigned duties.
1. Confidentiality of passwords
Users must manage passwords with care and processes should be in place to ensure confidentiality from the initial creation, storage in applications, communication and day to day usage
1.2 Responsibilities specific to every employee of Uprise
All employees and third parties using Uprise software and resources are accountable for understanding and following Uprise information security policies, as well as promoting safe practices within their teams and monitor compliance.
1.3 Asking for help, reporting a concern
All employees and third parties are responsible for asking for assistance when in doubt about how to proceed or interpret a policy and also to report any concern or suspect activity encountered. Depending on the nature of the concern, the first point of contact should be one of these: the line manager, Tech support, the Information Security Manager or Human Resources.
Responsibilities specific to managers
Responsible for analysing the entire manner of risks in terms of security to which the enterprise may be exposed.
2.1 Fully understand the data, people, systems and processes that he/she is accountable for its safeguard
Uprise managers are expected to identify the data and systems under their remit and accept accountability for its protection. Individual “custodians” (also referred as “owners”) of the data will be identified. They will be accountable for it and will make informed decisions on risks and appropriate levels of protection, on behalf of the company.
1.4 Strategic support to open networks
Uprise managers should not exclusively rely on perimeter controls, but also security on each individual system. In an open and dynamic organisation, such as Uprise, having a clear strategy of providing flexible and seamless mobile access, it is no longer effective to rely on broad “Internet vs internal” networks, or physical access to the office to protect Uprise from accidental or intentional misuse.
1.5 Ensure their teams are security savvy
Uprise managers should ensure their teams have the necessary skills and should communicate their responsibilities regarding protecting systems and data
2.4 Oversee their teams and systems are effective
Managers should actively, regularly and demonstrably verify what their reports are doing and how systems under his/her supervision are functioning.
2.5 Monitor the third party with access to UWL systems and data
Uprise managers should ensure any subcontractor employed for a particular function will meet the requirements specified (on selection and on an ongoing basis) and accept responsibility for their actions.
Responsibilities of the information security manager
The manager who is responsible for guaranteeing that a proper operational security position is maintained in the systems.
3.1 Risk management
Identify threats to Uprise information assets and advise the Risk Committee on impact and recommended remediation. Scope includes risks related to information, data, technology & related regulatory requirements.
3.2 Policies and education
Communicate acceptable levels of risk and mitigation practices throughout Uprise via policy, standards and awareness programs. Central initiatives to communicate, facilitate/enable the adoption of secure practices.
3.3 Measuring progress and compliance
The information security manager will perform validation of compliance directly on the processes or verifying the management controls.
3.4 Incident response
Develop central capabilities to effectively respond to significant information security related incidents.
3.5 Service delivery
There may be central services delivered or managed by the Information Security Manager, for example on demand pen testing, or some diagnostics/checks.