A structured program mandates at least two internal audits annually, maintaining our ISMS's effectiveness.
Monthly Risk Review
All ISMS-related risks are examined and monitored on a regular basis. Identifying and evaluating potential risks, rating the likelihood of an attack, and estimating the effect of a security breach are all part of our comprehensive risk-based strategy. This data is then used to prioritise our cybersecurity activities and make informed decisions about security policies, procedures, and controls.
We undertake regular penetration tests of our Cloud Infrastructure. Additionally, continuous monitoring ensures adherence to best security practices and timely threat detection.
We have developed and implemented comprehensive information security policies and procedures that cover all aspects and requirements of the ISO 27001:2022 International Standard. These policies are aligned with the organisation's business and information security objectives, core stakeholders' requirements, and risk assessment results. All the documents are regularly monitored and kept up to date.
We have an incident response plan to handle security incidents effectively. The Incident Management Procedures include steps for reporting, assessing the severity, and mitigating security breaches. We also have Data Breach Severity Assessment Procedures in place to monitor all incidents and possible data breaches in accordance with the criteria outlined in GDPR Article 33.
We have extensive business continuity procedures in place to ensure that important processes and information are not disrupted or destroyed in the event of an outage or disaster. All BCP scenarios are subject to ongoing monitoring and exercises to ensure that our core business operations are not impacted by any unforeseen situation.
PinMeTo defines security culture as the set of values, beliefs, and norms that influence security-related activity within an organisation. PinMeTo employees are committed to our information security culture, adhering to all security best practices and contributing to our strong collective approach. Annual employee training sessions are conducted, with specialised training modules for roles that have specific security responsibilities.
Top Management Review
Semi-annual meetings focusing on information security ensure continuous alignment with evolving threats and strategies. Our Information Security Officer holds regular discussions with the CTO, CFO, and CEO, evaluating potential threats and refining our mitigation strategies.
We make certain that our Information Security Management System complies with all applicable legal and regulatory standards. To demonstrate compliance, we maintain our documentation up to date.