Security Organization and Management Policy

Security Roles and Responsibilities

Screendesk has an organizational structure that establishes, approves, implements, and monitors adherence to an Information Security Program through clear lines of authority and responsibilities.

Risk Committee

Given Screendesk's small size (2 employees), the Risk Committee consists of both employees, with the CTO serving as the primary responsible party for security matters. The Risk Committee has oversight responsibilities related to internal security controls.

Responsibilities include:

• Approving and monitoring adherence to this policy
• Ensuring data handling responsibilities are assigned, documented, and communicated
• Performing the annual risk assessment

The Risk Committee meets at least quarterly and maintains formal meeting minutes.

Personnel

The following personnel are responsible for overseeing and implementing security and data protection practices throughout Screendesk:

• CTO (Adrien Nhem, adrien@screendesk.io): Responsibilities include providing overall direction, leadership, and support on methods and tools for secure storage, retention, and disposal of Confidential and Sensitive data. The CTO also serves as the primary Systems Administrator.
• CEO: Assists the CTO in implementing and maintaining security practices.
• End Users (Employees, Consultants): Responsibilities include adhering to the organization's data protection policies, procedures, and practices and reporting instances of non-compliance to the CTO.
• Vendors (includes Contractors and other Third Parties): Responsibilities include all those applicable to end users. In addition, vendors, contractors, and third parties are responsible for:
  • Avoiding any measure to alter standards that protect customer data
  • Completing due diligence and ongoing monitoring assessments per the requirements set forth in the Vendor Management Policy
  • Immediately notifying Screendesk of any policy violations involving customer data

Every end user and vendor is responsible for identifying and mitigating risks associated with the protection of Confidential information and must comply with all the policies within this Information Security Policy.

Policy Review

The CTO is responsible for reviewing Screendesk's policies and procedures on at least an annual basis to ensure they remain accurate and up-to-date with current operations and compliance requirements.

Related Policies

• Access Control Policy
• Change Management Policy
• Incident Management Policy
• Monitoring Policy
• Network and System Security Policy
• People Security Policy
• Risk Management Policy
• Vendor Management Policy
• Vulnerability Management Policy