The mission of the SPC Information Security Office is to design, implement, and maintain an information security program to protect SPC's systems, services and data against unauthorized use, disclosure, modification, damage or loss. The Information Security Department is committed to engaging the SPC community to establish an appropriate information security governance structure that enables effective collaboration and ensures alignment with SPC strategic objectives and foundational commitments.
Supporting elements:
A pervasive information security awareness program
An effective information security governance structure
A robust and scalable security architecture
Well-managed and maintained computing equipment
Well-managed and maintained enterprise applications
Well-managed and maintained third-party relationships
Departmental Functions:
Mitigate security risk through outreach, awareness, assessment, policy, and best practices
Participate in the monitoring of systems to detect and address malicious activity
Respond to security incidents and perform digital forensic operations
Participate in the design of technology architecture changes and in the planning of new systems
Perform risk assessments and vulnerability management operations