How Resolver Uses Resolver
0 likes210 views
The document is an overview by James Patterson, the COO of Resolver, detailing information security controls and management practices, including SOC2 and ISO27001 compliance. It covers various aspects such as policy management, operational risk, vendor risk, and application management, emphasizing the importance of an annual audit for high-risk applications and user access reviews. Contact information for inquiries is also provided.
How Resolver Uses Resolver
- 2. Hello! I am James Patterson Chief Operating Officer at Resolver james.patterson@resolver.com
- 3. Overview âȘ InfoSec Controls Documentation âȘ SOC2, ISO27001 âȘ Policy Management âȘ Op Risk âȘ Vendor Risk Management âȘ Application Management âȘ Asset Management âȘ Legal Requests âȘ Project Tracker
- 4. InfoSec Controls Documentation Control Documentation Controls Linked to SOC2, ISO 27001 Linked to Policies Operating Evidence Attached to Controls
- 6. Operational Risk Management Supports Annual Risk Assessment Process Interview â Risk Identification Risk Assessment
- 7. Application Risk Management Applications Are Assigned an Owner Annual Criticality Assessment by Owner âȘ Confidential data, PII data or critical business process = High Risk âȘ Otherwise = Low Risk Hosted High Risk Applications âȘ Must have annual SOC2 or similar audit âȘ Request most recent audit result âȘ Review and document results Internal High Risk Applications âȘ Undergo an internal InfoSec audit Low Risk Applications âȘ Not reviewed
- 8. Application Access Management Annual Review of Application User Access Done by all department heads State Access per Employee Which applications they should have access to Read, Edit or Admin Application Owners Review the Output Ensure user access is correct
- 9. Asset Management All Assets Are Tracked âȘ With Owner, LocationâŠ