How does Eye-Able® ensure that information governance, risk management, and security programs are structured and compliant?
Ensuring governance, risk management, and security programs with the involvement of executive management
Eye-Able® has a formally established information governance framework, which is sponsored by executive management, documented, and regularly updated.
Review and Adjustment of Policies and Procedures
All relevant policies and procedures are reviewed at least annually or adjusted when there are significant organizational changes.
Enterprise Risk Management (ERM)
Company-wide Enterprise Risk Management (ERM) is implemented and includes, among other things, the identification, assessment, treatment, and acceptance of risks in the areas of cloud security, data protection, and compliance.
Roles, Responsibilities, and Exceptions
Roles and responsibilities within the governance structures are clearly defined and documented. Deviations from established policies are subject to a formalized, approval-required exception process.
Security Program and Legal Requirements
The entire security program covers all relevant control areas of the CCM (Cloud Controls Matrix) and is part of the overarching ISMS.
Legal, contractual, and regulatory requirements are centrally documented and regularly compared to new legal sources and industry standards.
Industry-Specific Collaboration
In addition, Eye-Able® actively engages in exchanges with industry-specific working groups, trade associations, and standardization bodies in the cloud and data protection areas. This allows new regulatory developments to be taken into account early in governance practice.