Uprise Security Roles and Responsibilities

All employees

 

Individuals who possesses rights to access the data of the organization to perform their assigned duties.

 

1.      Confidentiality of passwords

 

Users must manage passwords with care and processes should be in place to ensure confidentiality from the initial creation, storage in applications, communication and day to day usage

 

1.2  Responsibilities specific to every employee of Uprise

 

All employees and third parties using Uprise software and resources are accountable for understanding and following Uprise information security policies, as well as promoting safe practices within their teams and monitor compliance.

 

1.3  Asking for help, reporting a concern

 

All employees and third parties are responsible for asking for assistance when in doubt about how to proceed or interpret a policy and also to report any concern or suspect activity encountered.  Depending on the nature of the concern, the first point of contact should be one of these: the line manager, Tech support, the Information Security Manager or Human Resources.

 

Responsibilities specific to managers

 

Responsible for analysing the entire manner of risks in terms of security to which the enterprise may be exposed.

 

2.1 Fully understand the data, people, systems and processes that he/she is accountable for its safeguard

 

Uprise managers are expected to identify the data and systems under their remit and accept accountability for its protection. Individual “custodians” (also referred as “owners”) of the data will be identified. They will be accountable for it and will make informed decisions on risks and appropriate levels of protection, on behalf of the company. 

 

1.4  Strategic support to open networks

 

Uprise managers should not exclusively rely on perimeter controls, but also security on each individual system. In an open and dynamic organisation, such as Uprise, having a clear strategy of providing flexible and seamless mobile access, it is no longer effective to rely on broad “Internet vs internal” networks, or physical access to the office to protect Uprise from accidental or intentional misuse.

 

1.5  Ensure their teams are security savvy

 

Uprise managers should ensure their teams have the necessary skills and should communicate their responsibilities regarding protecting systems and data

 

2.4 Oversee their teams and systems are effective 

 

Managers should actively, regularly and demonstrably verify what their reports are doing and how systems under his/her supervision are functioning.

 

2.5 Monitor the third party with access to UWL systems and data

 

Uprise managers should ensure any subcontractor employed for a particular function will meet the requirements specified (on selection and on an ongoing basis) and accept responsibility for their actions.

 

Responsibilities of the information security manager

 

The manager who is responsible for guaranteeing that a proper operational security position is maintained in the systems.

 

3.1 Risk management

 

Identify threats to Uprise information assets and advise the Risk Committee on impact and recommended remediation. Scope includes risks related to information, data, technology & related regulatory requirements.

 

3.2 Policies and education

 

Communicate acceptable levels of risk and mitigation practices throughout Uprise via policy, standards and awareness programs. Central initiatives to communicate, facilitate/enable the adoption of secure practices.

 

3.3 Measuring progress and compliance

 

The information security manager will perform validation of compliance directly on the processes or verifying the management controls.  

 

3.4 Incident response

 

Develop central capabilities to effectively respond to significant information security related incidents.

 

3.5 Service delivery

 

There may be central services delivered or managed by the Information Security Manager, for example on demand pen testing, or some diagnostics/checks.

 

 

 

 

 

 

 

 

 

 

 

 

Jay Spence