
Arize Security Program Charter

At Arize, we understand that effective information security is paramount for maintaining our business operations and securing the information our customers entrust us with. The Arize Information Security Program uses a standards-based, risk-management approach to develop and implement information security policies, standards, guidelines, and procedures that address security and privacy objectives, in tandem with business and operational considerations. The core themes of our approach to security are:

  • Meet our customers' cloud security requirements, and exceed industry standards and certification requirements.
  • Ensure that all information assets are protected in a manner that minimizes the risks of unauthorized information disclosure, modification, or destruction, whether accidental or intentional.
  • Lead the industry in our product and cloud security.

Led by the Arize Chief Information Security Officer (CISO), the Arize Security Team (AST) implements and manages the information security program across the organization. The CISO ensures the effectiveness of the information protection program through program oversight. The AST establishes and communicates Arize priorities for the organizational mission, objectives, and activities. The AST reviews and updates the organization’s security plan, along with the workforce's compliance with that plan, and evaluates security risks on behalf of Arize.

Our security program and its relevant policies, standards, and guidelines contain fundamental guidance, procedures, and commentary based upon Arize security standards and codes of practice for information security. The actual controls in the standards and codes are intended to address the specific requirements identified via formal risk assessments. They are also intended to provide a guide for the development of organizational security standards and effective security management practices.

This Arize Security Program Charter serves as the capstone document for the information security program. Information security policies define information security objectives in topical areas. Information security standards, processes and procedures provide more measurable guidance in each policy area.

The Arize Security Program Charter and associated policies, standards, guidelines, and procedures apply to all employees, contractors, part-time and temporary workers, service providers, and those employed by others to perform work on Arize premises, at hosted or outsourced sites, or who have been granted access to Arize information or systems. These standards include:

  • Protect information assets by developing information security policies to identify, classify, and define protection and management objectives, and define acceptable use of Arize information assets. 
  • Reduce vulnerabilities by developing information security policies to assess, identify, prioritize, and manage vulnerabilities. The management activities will support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.
  • Counter threats by developing information security policies to assess, identify, prioritize, and monitor threats. The monitoring activities will support organizational objectives for deterring, responding to, and recovering from threats. The monitoring activities will also support the development and use of metrics to gauge the level of threat activity and the effectiveness of the Arize threat detection and response capabilities.
  • Ensure that information security is designed and implemented within the development lifecycle for applications and information systems. 
  • Ensure that the Arize Security Program Charter and associated policies, standards, guidelines, and procedures are properly communicated and understood by establishing a security awareness program to educate and train individuals, groups, and organizations covered by the scope of this Arize Security Program Charter.

Arize management is responsible for the execution of the Arize information security program and for ensuring that the Arize Security Program Charter and associated policies, standards, guidelines, and procedures are properly communicated and understood within their respective organizational units. Arize management is also responsible for implementing procedures in their organizational units and ensuring their consistency with approved information security policies and standards.