Information Security Policy
This Policy and the entire ISMS must be compliant with legal and regulatory requirements relevant to the organization in the field of information security, as well as with contractual obligations.
Crossjoin implements a Risk Management Process adequate to identifying Risks, Opportunities and safeguarding critical assets.
Information Security Controls
Corrective and/or Preventive actions (Controls) will be selected in accordance with the Risk Management Process defined, in such a way that these actions are adequate to reduce the identified risks to acceptable levels.
Information Security Awareness & Culture
The company is committed to improving the Information Security Culture. To achieve this objective Crossjoin has established regular Information Security Awareness Training to all its Personnel.
Information Security Policies
Existing Policies and Procedures are well documented and available to everyone within the Company. Regular reminders and training sessions to all Personnel are scheduled to ensure internal compliance.
Crossjoin will ensure that personnel assigned to positions, allocated to projects or granted privileges to assets will have the appropriate knowledge, experience, training and/or close supervision from an experienced professional with adequate knowledge.
Crossjoin Solutions is fully committed to the Continual Improvement of the ISMS, under the ISO 27001 standard and Best Practices.
Support for ISMS implementation
Crossjoin declares that ISMS implementation and continual improvement will be supported with adequate resources in order to achieve all objectives set in the Information Security Policy, as well as satisfy all identified requirements.
Information Security Objectives
Efficient management of the Information Security Management System considering Risk Management, the ISMS Performance, Incident Management and Continual Improvement of the ISMS.
Enhance Information Security for data concerning Customers, Suppliers, Employees and Partners considering the requirements for Confidentiality, Integrity, Availability and Privacy of information.
Improve Information Security Management in daily activities with the collection and analysis of Key Performance Indicators, considering the Operational Activities, IS Awareness, Critical Applications, Secure Software Development Life Cycle and Incident Management.
Ensure legal and contractual compliance with the observation of legal requirements and management of responsibilities.
Improve commercial position and increase marketing advantages, thus generating revenue by signing contracts that Information Security and ISO27001 are defined as requirements.
Provide guidance on Information Security activities and best practices to minimize the risk and impact of Information Security events, incidents and breaches.