Periodic task | Who | When (each year) |
Update all governing documents, QMS, ISMS, KBP, HMS, ES 1 | Responsible for Management Systems and KBP-owners | April + when changes |
Update performing documents (procedures etc): QMS, ISMS, KBP, HMS, ES | Responsible for Management Systems and KBP-owners
| April + when changes |
Conduct training in: QMS, ISMS, KBP, HMS, ES | Responsible for Management Systems and KBP-owners | April + for new employees |
Management's review of QMS, ISMS, KBP, HMS, ES | CEO + Responsible for Management Systems | At the end of April |
Yearly Security Audit | CISO | January (to December) |
Review of access to systems, in addition to ongoing access administration | All Product Owner and System Owners | April + regularly |
Conduct or update risk assessments for Products and System, in addition to ongoing risk assessment | All Product Owner and System Owners | April + regularly |
Conduct or update risk assessments for Key Business Processes 2 | Key Business Processes Owners | April + regularly |
Update Records of Processing Activities (Iconfirm) and Data Processor Agreement | All Product Owner and System Owners | April + when changes |
Update Privacy statement (Personvernerklæring) | All Product Owner and System Owners | April + when changes |
Update Subcontractors in Iconfirm, DPAs and Privacy Statements | All Product and System Owners | April + when changes |
|
|
|
Update all technical system documentation | All Solution and System Owners | April + when changes |
Update documentation on security in the development or configuration process | All Solution and System Owners | April + when changes |
|
|
|
External technical Audit of external systems | CISO arranges | Juni, July, August each year |
External Audit of ISMS | CISO arranges | Every 3 Years, starting from 2023 (2nd half) |
1 QMS=Quality Management System, ISMS=Information Security Management System, KBP=Key Business Processes, HMS=Health, work environment and Safety and ES=Environment & Sustainability
2 Administration, Marketing and Sales, Support, Customer Success, Product development, Operation and Projects.