ISM Governance



Role Keepers

Marco Fretz, Patrick Mathers, Daniel Hauswirth



The ISM (Information Security Management) Governance Role oversees information security management at VSHN and delegates the CISO.


VSHN operates an ISMS to ensure adherence to information security throughout the company. To comply with ISO, top management must demonstrate leadership and commitment with respect to the information security management system. This is to adhere to ISO/IEC 27001 section 5.1, Leadership and commitment.

The ISM Governance role is appointed by VSHN and its board.

Key Responsibilities

These are according to ISO/IEC 27001:2022 section 5.1:
  • Purpose and objectives for information security aligned with VSHN strategy

  • Oversee ISMS integration into business processes

  • Capacity and resources for a working ISMS

  • Communication of the importance of information security and adherence to ISMS requirements

  • Oversee the ISMS effectiveness and govern goal setting to adjust

  • Guide and support all VSHN roles to enhance ISMS effectiveness

  • Promote ongoing improvements in information security

Stakeholders and Key Deliverables

  • Approved Information Security Policy

  • Reviewed role of the CISO

  • Report of annual Management Review with the CISO according to ISO/IEC 27001 section 9.1

  • Documented acceptance of residual information security risks from risk assessment

This role is tracked and reviewed with VIP-322.