Stakeholder analysis

The following parties have relevance to our information security management system. We have documented their requirements towards information security, as well as any requirements we might have from them.

PartyWhat they expect from usWhat we expect from themCommunication
ShareholdersNo negative press, e.g. as a result of data breaches.
Once per year, the CISO will distribute (a summary of) this year's Management reviews.
PersonnelProtection of personal data (GDPR)Knowledge and obedience of all relevant Policies and Procedures.Mile stones and success stories about our ISMS will be communicated through our company news letter.
ContractorsProtection of personal data (GDPR)Knowledge and obedience of /wiki/spaces/DEMO/pages/5670154/wiki/spaces/DEMO/pages/5670005.
ClientProtection of personal data (GDPR)Respect our /wiki/spaces/DEMO/pages/5670005 when it comes to the exchange of sensitive data.Our certification status is communicated through our web sites, and the topic will be addressed by account managers.
End usersProtection of personal data (GDPR)

End users are informed about our certification status via our web site. There they can also find our /wiki/spaces/DEMO/pages/5668928.

Government, supervising authoritiesTo uphold the law and regulations (GDPR)Timely communication on changes in relevant laws. A process for reporting data breaches.