End-of year Risk Assessment: done

Krescendo runs a Risk Assessment Program aimed at delivering a continuous evaluation of its risks associated with people, process, technology or data.

As part of the Program, Krescendo performs a six-monthly internal review and shares the results with all its clients.

The scope of the Program is informed by:

– the “Control Groups” of the Cloud Security Alliance’s (CSA) Consensus Assessment Initiative Questionnaire (Compliance, Data Governance, Facility Security, HR Security, Information Security, Legal, Operations Management, Risk Management, Release Management, Resiliency, Security Architecture);

– requirements arising from Client-driven audits;

– insights from internal reviews;

– external certification requirements (Krescendo is pursuing ISO-27001 certification during the first half of 2014)

– regulatory requirements.

With the bar on information security continuously being raised, we worked hard throughout the year to create more transparency, consistency and depth in our control processes.

The latest review took place during November and the document pack distributed is richer and better structured than ever, containing:

– the latest version of a Service Description document, outlining current operational procedures relating to service levels, backup and disaster recovery, monitoring, secure software development;

– a snapshot of the current list of risk-related action points;

– a summary of the results and status associated with the set of risk-related reviews and tests we are committed to performing at designated time intervals;

– an updated Security Disclosure in the Cloud Security Alliance’s (CSA) STAR Registry;

– the latest version of Company and Staff Policies documents;

– the latest update of the Third Party management review document, summarising the business relationship between Krescendo and all the third parties it interacts with.

If you are interested in finding out more, contact us!

Merry Christmas!