Ensuring effective security management.
An internationally accepted security standard.
ISO 27001 is an internationally accepted security standard that establishes the requirements and controls necessary to achieve an effective information security management system, with a focus on the management of information security risks.
The ISO 27001 security standard defines the criteria by which an organization can implement, maintain, monitor, and continuously improve its Information Security Management System.
At a Glance:
- We have implemented and maintain an IT Security Management System program which consists of policies and controls in alignment with ISO 27001 and 27002.
- ISO 27001 and 27002 ensure the effective management of the information security risks affecting the Long View business and the services provided to Long View customers.
- Third-party evidence, such as PCI DSS certification and our SOC1 Type II and SOC2 Type II reports, demonstrates Long View's alignment with ISO 27001 and 27002 standards.
Some key components of Long View’s Risk Management program include:
- Monthly security management team meetings with regular agenda items focused on risk reviews, and the proactive detection and prevention of emerging threats.
- Monthly operational risk meetings to identify new potential risks, including the initiation of risk assessment activities referencing relevant input from vendor threat releases, internet sources, internal staff, customers, etc.
- Review and update the status of existing risk items.
- Monthly management risk summary reports.
- Quarterly risk management meetings to review the organization's risk profile.
- Review any critical and priority risks present in the organization.
- Ensure accountability and responsibility of critical and priority risks.
- Identify risks requiring awareness of the Long View executive team and Board.
- Discuss any emerging threats or vulnerabilities.
The effectiveness of Long View's risk management program is demonstrated through third-party PCI DSS certification and our SOC1 Type II report.