Security Governance at Varjo
Security is an inbuilt requirement in Varjo’s operations and every leader in the company is responsible for ensuring that security requirements are fulfilled in their respective domains. Security matters are managed through the same corporate governance management process as any other business-related matter.
The Varjo Information Security Management System is ISO/IEC 27001:2022 certified.
Security Leadership
A Security Management Team, including senior leadership roles, is appointed to oversee security management and governance.
The Chief Information Security Officer (CISO) is responsible for leading the security work, covering all aspects of security, including corporate, physical, secure development and product security.
The Data Protection Officer (DPO) is responsible for data protection, privacy and compliance work.
Security Policy and Training
Varjo has a thorough Security Policy defining security roles & responsibilities, security objectives and security requirements for employees, operations and development. Security awareness training is mandatory.
Security Risk Management
Security risks are identified and analyzed continuously through security risk workshops and other assessment activities. Security risks are categorized, recorded in the security risk register and prioritized for remediation.
Incident Management and Security Monitoring
Varjo has a defined Security Incident Management process to identify, classify, prioritize and resolve incidents 24/7.