User Tools

Site Tools

You are here: start » security » soc » on

Sidebar

Security Menu

DLZP INTERNAL ONLY

Home

IS-1

Security Assessment and Authorization - CA

Cyber Security Incident Response Checklists

CyberSecurity Incident Response

Cyber Security Tools & Docs

AWS Security Services Tools

WAF Rules Customer Docs

Old Security Info

security:soc:on

Table of Contents

Organizational Narrative

Org Narrative Template

March 2019 Contents

  1. Organizational Narrative
  2. Entity Type
  3. Integrity and Ethics
  4. Board Independence
  5. Organizational Structure
  6. Management Objectives
  7. Risk to Objectives
  8. Fraud Risk to Objectives

Table 1 - Control Satisfaction

StandardNIST CategoryControls SatisfiedAudit Controls
NIST 800-53rev4Familyaa##1.02, 1.03

Table 2 - Major Document History

DateCommentWho
5/1/2019Initial DocTharp

Organizational Narrative

The following provides a description of the corporate a management structure of ACME Evil Anvil Corporation. The intent of this description is to establish both the legal jurisdiction and corporate cultural norms that serve as the foundation for ACME Evil Anvil Corporation’s compliance program.

Entity Type

ACME Evil Anvil Corporation is a Delaware C-Corporation headquartered in San Francisco, California. ACME Evil Anvil Corporation was established in 1970.

Integrity and Ethics

The Directors and Executives of ACME Evil Anvil Corporation aspire to and demonstrate standards of ethics and integrity consistent with professional norms in American corporate environments. Chief among these standards is a commitment to honesty in interactions with and among managers, directors, employees, contractors, customers, and other stakeholders.

Board Independence

The Board of Directors appoints and oversees the Chief Executive Officer (CEO).

Organizational Structure

ACME Evil Anvil Corporation is composed of 7 primary divisions: • Sales • Marketing • Manufacturing • Research & Development • Information Technology • Human Resources • Finance Each division is led by a Vice President, who in turn reports to the CEO. A complete Organization Chart is maintained and distributed by Human Resources.

Management Objectives

Work is distributed to each division via Objectives set by the respective division Vice President, in collaboration with the Chief Executive Officer.

Risk to Objectives

ACME Evil Anvil Corporation seeks to manage risk to Objectives through professional management strategies and tactics, including: • Rigorous hiring practices • Employee performance reviews • Aligning compensation with objectives • Regular communication of objectives by executive management

Fraud Risk to Objectives

ACME Evil Anvil Corporation acknowledges the possibility that fraud may imperil corporate objectives. ACME Evil Anvil Corporation undertakes various activities to manage fraud risk, including: • Conducting regular financial audits • Adhering to financial control principles • Investigating suspicious transactions • Performing criminal background checks on all employees • Maximizing the use of information technology in fraud detection

/opt/bitnami/dokuwiki/data/pages/security/soc/on.txt · Last modified: 2019/05/13 23:39 by dlzp_admin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki