The Information Security Officer (ISO) is generally responsible for developing and defining the Agency’s data security policies and procedures and reviewing the effectiveness of those already implemented. The Information Security Officer is also responsible for ensuring that educational programs are carried out to improve the general security awareness.
The DPO leads the development, adoption and implementation of the Agency’s security policies, procedures and standards. These are formal policies that define in detail and substantiate the actual mechanisms and controls, and they must cover at least the following:
• Management: risk analysis and management, document management and control, access control and information controls, and sanctions for non-compliance.
• Personnel security: personnel should only have access to sensitive information for which they hold the appropriate authorisation.
• Physical safeguards: assigns security responsibilities, controls access to workstations and related equipment, and protects them against unauthorised access.
• Technical security: defines access and authorisation controls for day-to-day operations and emergency procedures for data.
• Data transmission security: defines templates for access controls, control paths, event reporting, data encryption, and data integrity checks.
Forms the Agency’s security procedures, including:
• Assessment of, and compliance with, security measures.
• Disaster and emergency recovery.
• Security incident protocols and process protocols, including incident reporting and sanctions.
• Control of security procedures, mechanisms and measures.
1. Propose appropriate security measures and mechanisms to protect against unauthorised access to electronically stored and/or transmitted data, and to protect against the usual expected threats and risks.
2. Monitor the implementation of ongoing oversight of the security of the organisation’s information systems, including:
• Periodic assessments of information security risk.
• Functional analyses to determine the degree of compliance of key business segments and infrastructures with regulatory requirements.
• Assessing and setting up new information security technologies and countermeasures to address information and/or privacy threats.
3. Ensure compliance through adequate training programmes and periodic security checks. These controls must be both internal and external.