We believe that a robust security governance model is the foundation of every sustainable security processes organization. This is why we build our security based on industry best practices, focusing on adoption of these practices to nurture and risk appetite of our business. We believe that security is not only a project, but a day to day activity. This is why our security model focuses on agility, efficiency and pragmatic approach.
Governance of our security is a combination of industry standards. We use NIST CyberSecurity Framework (CSF) to identify strategic goals and objectives. Tactical implementation is based on CIS benchmarks to secure our technology and ITIL & ISO 27001 standard to ensure proper process and people management.
Our Information Security Goals, Objectives and Procedures are documented in a set of Policies available to our employees but also our third parties. We include clauses in our agreements with third parties to ensure that they also follow our security approach.
BrandSync has an appointed role of CISO (Chief Information Security Officer) who is responsible for both strategic direction, but also supervises day to day operations. The CISO reports directly to our CEO.