LEGAL TECHNOLOGY CORE COMPETENCY

CERTIFICATION COALITION (LTC4)

INFORMATION SECURITY MANAGEMENT

COMMITMENT STATEMENT

  1. OVERVIEW

At LTC4, our first priority is to deliver the highest quality services to our clients. Since 2014, our members have trusted our organization with handling information related to their training performance. Often these matters require the transfer, review and storage of personal information. Maintaining the confidentiality, integrity, and availability of this information is required to preserve that trust and ensure the delivery of LTC4 services. To further these requirements, LTC4 is committed to developing, updating, and implementing information security policies and procedures consistent with industry standards and best practices. The guidelines for the management of these policies and procedures are described below.

  2. PURPOSE

This document will help to ensure the proper governance of LTC4’s information security policies and procedures. Proper governance is required to protect the information maintained by LTC4, in both electronic and paper form.

  3. SCOPE

These policies are based on the requirements of the ISO 27002:2013 standard. The policy library includes, but is not limited to, the LTC4 Information Security Policy and any supporting policies.

  4. POLICY

  A. Roles and Responsibilities

The Data Protection Manager is responsible for the drafting and maintenance of these policies. Policy changes impacting end-users must be approved by the LTC4 Board of Directors and/or LTC4 Contributing Members. Policies outside of the scope of this document are the responsibility of the LTC4 Board of Directors and/or LTC4 Contributing Members.

  B. Policy Review

All LTC4 written information security policy documents must be reviewed on an annual basis by a team consisting of the LTC4 Board of Directors and/or the LTC4 Contributing Members.

  C. Policy Exceptions

Exceptions to policies are strongly discouraged; however, in some rare cases they are necessary. Exceptions must be documented and reviewed at least every six months to determine if the exception is still required.

 

  D. Information Security Management Committee

An information security management committee, composed of the Data Protection Manager and LTC4 Contributing Members, must meet bi-annually to review the current status of information security at LTC4. The committee will consider the implementation of policy changes, new policies, or new technology to proactively address the current threat landscape.

  E. Dissemination of Policies

Policy review constitutes a substantial portion of LTC4’s annual security awareness training program. The policies are also available on the Member page of the LTC4 website.

  F. Revisions and Audience

Each policy should have an entry indicating the last review date as well as the target audience. Any policies containing information relevant to end-users, even if minimal, must be disseminated according to Section E. above.

  5. AUDIENCE

All LTC4 contractors and volunteers.

  6. COMMITMENT SIGNATURE

 

Rob Karwic

LTC4 Data Protection Manager
On Behalf of the LTC4 Board of Directors