Information Security Group

The Information Security Group (ISG) is responsible for overseeing and advising on the organisation’s information security strategy and practices in alignment with its business objectives.

Under construction

This page is still under construction. Please check back later as we continue to work on it.

1 - Contact the ISG

Get in touch with the Information Security Group (ISG) for any questions or concerns about information security.

The ISG has a responsibility to oversee and advise on the organisation’s information security strategy and practices in alignment with its business objectives.

The simplest way to reach the ISG is to email security@vaxagroup.com.

Current ISG Members

Refer to the ISG Terms of Reference to see how these members are selected and what their responsibilities are.

Current people fulfilling these roles are:

  • Curtis West
  • Todd Crowley
  • Nathan Archer

2 - ISG Terms of Reference

With responsibility to oversee and advise on the organisation’s information security strategy and practices in alignment with its business objectives, the ISG itself is subject to certain requirements on its conduct and membership. This document sets out those requirements.

Purpose

The ISG is responsible for overseeing and advising on the organisation’s information security strategy and practices in alignment with its business objectives.

Objectives

  • Provide strategic direction for information security initiatives.
  • Prioritise information security projects and resource allocation.
  • Ensure compliance with legal and regulatory requirements.
  • Facilitate communication between stakeholders.
  • Periodically review and assess the effectiveness of security measures.

Membership

  • Chief Operational Officer (Chair)
  • IT Director
  • Legal Counsel
  • Product Director
  • Data Director
  • Representative from HR
  • Representative from Finance

Meetings

  • Monthly general meetings
  • Quarterly strategic reviews
  • Annual evaluation and planning

Responsibilities

  • Develop an annual Information Security Strategy.
  • Review and approve information security policies and procedures.
  • Monitor security incidents and responses.
  • Approve budgets for security projects.

Standing Agenda

Monthly Activities

  • Opening Remarks: Brief recap of security status.
  • Monitoring & KPIs review
    • Incident Report Review: Discuss any security incidents and responses.
    • Risk Review: Summarise any new or updated risks the group monitors.
    • KPI & Metrics Review: Review the report on KPIs and ISMS metrics.
  • Project Updates: Update on ongoing and upcoming security projects.
  • Compliance Review: Updates on legal and regulatory compliance.
  • Resource Allocation: Discuss needs and priorities.
  • Any Other Business: Open floor for other concerns.

Quarterly Activities

  • Strategic Review: Assess the status of key initiatives from the Information Security Strategy.
  • Risk Assessment: High-level overview of emerging risks and vulnerabilities.
  • Budget Review: Assess budget utilisation and future allocation.
  • External Audit Summary: Presentation of external audit findings, if any.

Annual Activities

  • Annual Evaluation: Evaluate the year’s accomplishments, failures, and areas for improvement.
  • Strategic Planning: Update the Information Security Strategy for the following year.
  • Annual Compliance Review: Detailed compliance assessment.
  • Membership Review: Consideration for adding or removing members.