ISM Governance
| Delegator | Board via VSHN (Anchor Circle) |
|---|---|
| Role Keepers | André Keller, Patrick Mathers, Roland Ulrich |
| Coordinator | |
The ISM (Information Security Management) Governance Role oversees the Information Security management at VSHN and delegates the CISO.
Purpose
VSHN operates an ISMS to ensure adherence to Information Security throughout the company. VSHN’s Top Management takes full accountability for the effectiveness of the ISMS. We are committed to ensuring the confidentiality, integrity, and availability of all information assets by integrating security into our core business processes and providing all necessary resources. The ISM Governance role, appointed by the Board, leads this commitment to support VSHN’s strategic goals and drive continual improvement.
The ISM Governance role is appointed by VSHN via its board.
Key Responsibilities
This is according to ISO/IEC 27001:2022 section 5.1.
- Taking ultimate responsibility for the effectiveness and performance of the ISMS.
- Ensuring the Information Security Policy and objectives are established and aligned with VSHN’s strategic direction.
- Integrating security requirements into VSHN’s business processes and ensuring all necessary resources (budget, people, tools) are available.
- Communicating the importance of information security and supporting VSHNeers to contribute to the ISMS’s success.
- Promoting a culture of improvement and ensuring the ISMS achieves its intended outcomes.
Stakeholders and Key Deliverables
- CISO
  - Support during internal and external audits
  - Defined and reviewed objectives (OKRs)
- VSHN Board
- VSHN
  - Approved Information Security Policy
  - Documented acceptance of residual Information Security risks from risk assessment
- Teams and VSHNeers
  - Escalation point for Information Security Incidents and stand-in for CISO
This role is tracked and reviewed with VIP-322.