Chief Information Security Officer (CISO)

Delegator

Role ISM Governance

Role Keepers

Daniel Hauswirth

Coordinator

Daniel Hauswirth

The Chief Information Security Officer (CISO) is the main role to address information security at VSHN.

Purpose

VSHN operates an ISMS to ensure adherence to information security throughout the company. The CISO role holds the responsibility for managing this ISMS, aiming to integrate it seamlessly into the company’s processes rather than allowing it to remain a paper exercise.

The primary objective for VSHN is to deliver high quality services to customers. The CISO collaborates with the teams and roles to enhance the services within the scope of information security, that is, confidentiality, integrity, and availability (known as the C-I-A triad). Additionally, the CISO ensures, in coordination with internal teams and roles, that standards and policies are diligently adhered to.

Key Responsibilities

  • Maintained Information Security Management System (ISMS) to remain ISO/IEC 27001 certified

  • Information security risk assessment to continuously improve VSHN’s information security

  • Compliance in practice with defined ISMS policies

  • Information security awareness for VSHNeers to lower the risk of incidents

  • Information security incident management

  • ISAE 3402 compliance and audit

Stakeholders and Key Deliverables

General stakeholders of the ISMS, and therefore of the CISO, are documented in the ISMS document 02 Kontext der Organisation und interessierte Parteien.

Customers (represented through Account Management)
  • ISO/IEC 27001 certificate they can refer to in order to be compliant.

  • ISAE 3402 report they can refer to in order to be compliant.

  • More detailed information about scope, assessed and controlled risks, etc.

  • Transparently addressed and documented incidents that affected them.

Teams, Roles and all VSHNeers
  • Point-of-contact and defined process to report information security incidents and transparently see how they are triaged and addressed.

  • Continuous training and education of VSHNeers in information security.

Marketing and Sales
  • ISO/IEC 27001 certificate to show compliance

  • ISAE 3402 report to show compliance


This role is tracked and reviewed with VIP-287