2.2 Other Roles and Responsibilities

2.1 Company Management (Vintti)

  • Hold overall responsibility for the implementation and enforcement of the WISP.

  • Assign an Information Security Officer and ensure they have the necessary resources to implement the WISP.

  • Establish a culture of security awareness within the company.

2.2 Information Security Officer (ISO)

  • Develop, implement, and maintain the WISP.

  • Coordinate with clients to ensure their security requirements are understood and met.

  • Provide training and awareness programs for all employees regarding the importance of data security.

2.3 Remote Employees

  • Understand and comply with all data security policies and procedures.

  • Report any potential or actual security incidents immediately.

  • Complete mandatory security training and awareness programs.

2.4 Clients (US-based Accounting Firms)

  • Define the specific security requirements to be met by the company.

  • Provide the company with any specific training or tools necessary to meet the client's security requirements.

  • Report any potential or actual security incidents to the company's ISO.

2.5 IT Department

  • Implement and manage security technologies (e.g., firewalls, antivirus software, encryption tools).

  • Regularly review and update the company's IT infrastructure to ensure continued data security.

  • Coordinate with the ISO to address any security concerns or incidents.

2.6 Human Resources

  • Ensure all new employees receive appropriate security training before they start working.

  • Implement disciplinary measures for employees who violate the company's data security policies.
