Purpose
The Zeta Alpha Risk Management Policy is intended to enable Zeta Alpha to undertake periodic risk assessments in order to identify and address security vulnerabilities and to begin necessary remediation.
Scope
Any entity within Zeta Alpha and any outside entity that has signed a Third-Party Agreement with Zeta Alpha can be subjected to risk assessments. Risk assessments can be performed on any information system, including applications, servers, devices, and networks, as well as any process or technique used to administer or maintain these systems.
Policy
The Information Security Department and the department responsible for the assessed system share responsibility for executing, developing, and implementing corrective actions. Employees are required to participate effectively in any risk assessments conducted on the systems for which they are accountable. Additionally, employees should expect to collaborate with the Information Security Department’s Risk Assessment Team to build a remediation strategy. Zeta Alpha may engage a third-party partner to conduct an independent risk assessment and validate the efficacy of the Zeta Alpha risk management approach.
Policy Compliance
Compliance with this policy will be verified by the Infosec team using a variety of approaches, including business tool reports, internal and external audits, and reporting to the policy owner.
Exceptions: Deviations from the policy must be carefully coordinated by the Infosec team.
Non-Compliance: If it is revealed that an employee has violated this policy, they may face disciplinary action, including termination. Additionally, any vendor, consultant, or contractor discovered in violation of this policy may suffer repercussions such as loss of access rights, contract termination, and associated civil or criminal fines.