Below is an overview of practices we implemented to reduce risks and to get a better understanding of where risks can become an issue in the Ambassify product itself but also in Ambassify as an organization.
Our Risk management system (RMS) is rolled out in accordance with the ISO 31000 standard.
1. Change management
Using a well-defined process during our development process, we ensure a steady rate of improvements without having an overall reduction of quality and security in our product.
We provide documentation for most of our company’s key components and processes. Some of these are publicly available:
For our complete internal working, we have a comprehensive written down wiki for all employees that give everybody a clear understanding of all de details of how we work as Ambassify.
3. Executive sponsorship
Ambassify is a founder-led company where one of the founders has a strong background in information security. It helps to make risk management fully integrated across all levels of the organization.
We have a proactive stance o risk and risk management is integrated into all aspects of the company. Some policies that support this proactive stance are:
5. Gap Analysis
Yearly internal meeting that we organize to see how we can improve. Iteration is the key here.