Risk Management System

Below is an overview of practices we implemented to reduce risks and to get a better understanding of where risks can become an issue in the Ambassify product itself but also in Ambassify as an organization.

Our Risk management system (RMS) is rolled out in accordance with the ISO 31000 standard.

1. Change management

Using a well-defined process during our development process, we ensure a steady rate of improvements without having an overall reduction of quality and security in our product.

Read more about Change Management

2. Documentation

We provide documentation for most of our company’s key components and processes. Some of these are publicly available:

• Sub-processors overview
• Ambassify policies

For our complete internal working, we have a comprehensive written down wiki for all employees that give everybody a clear understanding of all de details of how we work as Ambassify.

3. Executive sponsorship

Ambassify is a founder-led company where one of the founders has a strong background in information security. It helps to make risk management fully integrated across all levels of the organization.

4. Proactive

We have a proactive stance o risk and risk management is integrated into all aspects of the company. Some policies that support this proactive stance are:

• Incident Reponse
• Breach policy
• Disaster recovery
• Data destruction
• Information security

5. Gap Analysis

Yearly internal meeting that we organize to see how we can improve. Iteration is the key here.