ISM Governance

Delegator

VSHN Board

Role Keepers

André Keller, Patrick Mathers, Roland Ulrich

Coordinator

CISO

The ISM (Information Security Management) Governance Role oversees the Information Security management at VSHN and delegates the CISO.

Purpose

VSHN operates an ISMS to ensure adherence to Information Security throughout the company. To comply with ISO there must be a top management which demonstrate leadership and commitment with respect to the Information Security management system. This is to adhere ISO/IEC 27001 section 5.1 Leadership and commitment.

The ISM Governance role is appointed by VSHN via its board.

Key Responsibilities

this is according to ISO/IEC 27001:2022 section 5.1

  • Purpose and objectives (OKRs) for Information Security aligned with VSHN strategy

  • Oversee ISMS integration into business processes

  • Capacity and resources for a working ISMS

  • Oversee the ISMS effectiveness and govern goal setting to adjust

  • Promote ongoing improvements in Information Security

  • Communication of the importance of Information Security and adherence to ISMS requirements

  • Guide and support all VSHN roles to enhance ISMS effectiveness

Stakeholders and Key Deliverables

CISO

  • Support during internal and external audits

  • Defined and reviewed objectives (OKRs)

VSHN Board

  • Report of annual Management Review with the CISO according to ISO/IEC 27001 section 9.1

  • Reviewed role of the CISO

VSHN

  • Approved Information Security Policy

  • Documented acceptance of residual Information Security risks from risk assessment

Teams and VSHNeers

  • Escalation point for Information Security Incidents and stand-in for CISO

This role is tracked and reviewed with VIP-322