Periodic activities
Periodic task | Who | When (each year) |
---|---|---|
Update all governing documents, QMS, ISMS, KBP, HSE, ES 1 | Responsible for Management Systems and KBP-owners | April + when changes |
Update performing documents (procedures etc.): QMS, ISMS, KBP, HSE, ES | Responsible for Management Systems and KBP-owners | April + when changes |
Conduct training in: QMS, ISMS, KBP, HSE, ES | Responsible for Management Systems and KBP-owners | April + for new employees |
Management's review of QMS, ISMS, KBP, HSE, ES | CEO + Responsible for Management Systems | At the end of April |
Yearly Security Audit | CISO | January (to December) |
Review of access to systems, in addition to ongoing access administration | All Product Owners and System Owners | April + regularly |
Conduct or update risk assessments for Products and Systems, in addition to ongoing risk assessment | All Product Owners and System Owners | April + regularly |
Conduct or update risk assessments for Key Business Processes | Key Business Processes Owners | April + regularly |
Conduct or update risk assessments for Conexus overall | Management team | Before Board meetings |
Update Records of Processing Activities (Iconfirm) and Data Processor Agreement | All Product Owners and System Owners | April + when changes |
Update Privacy statement (Personvernerklæring) | All Product Owners and System Owners | April + when changes |
Update Subcontractors in Iconfirm, DPAs and Privacy Statements | All Product and System Owners | April + when changes |
Update all technical system documentation | All Solution and System Owners | April + when changes |
Update documentation on security in the development or configuration process | All Solution and System Owners | April + when changes |
ISMS - Self assessments - Products and Systems | | |
ISMS - Management review of status | CISO arranges | June-August/September - before September Board meeting |
QMS - Self assessment | CISO arranges | June-August/September - before September Board meeting |
Management review | CISO arranges | August/September - before Board meeting regarding QMS Management review summary |
External technical Audit of external systems | CISO arranges | June-August each year |
External Audit of ISMS | CISO arranges | Every 3 years, starting from November 2024 |
HSE rounds (Vernerunder) | Health, Safety and Environment (HMS) responsible arranges | January each year + when changes |
1 QMS = Quality Management System, ISMS = Information Security Management System, KBP = Key Business Processes, HMS = Health, work environment and Safety, and ES = Environment & Sustainability