Reviews of Security Policy and Technical Compliance

Compliance with Security Policy

To maintain the security, integrity and availability of CX Index’s information processing assets, CX Index will continually monitor CX Index’s compliance with its security policies.

The Senior Management shall ensure that an annual internal audit takes place.  The scope of this audit is an assessment for all external/internal routers, firewalls, access points, hosts and offsite facilities for Disaster Recovery and media storage.  

CX Index will monitor users’ compliance with CX Index’s security policies, procedures, standards and requirements.

Technical Compliance Checking

The Senior Management will monitor CX Index’s technical compliance with its security implementation standards.

A specialist shall be used for technical compliance checking to ensure that hardware and software security controls have successfully been implemented in operational systems.

The technical compliance checking will be done manually (by a qualified system engineer), with automated software tools or in combination.

A qualified technical specialist shall interpret results of subsequent technical reports.

Penetration testing shall be done by third party experts as necessary (care shall be take that a successful penetration test does not compromise they system or exploit other vulnerabilities).

The Senior Management shall oversee all technical compliance testing.