Corporate governance

Objectives


Altus Group’s Corporate Security programs are designed to protect information assets, such as: 

  • The critical systems that customers rely upon for Altus Group services 

  • Altus Group source code and information  

  • Personal and other sensitive information that Altus Group collects, including customer, partner, supplier, and employee data in Altus Group’s systems 



Industry standards and certifications


Altus Group’s security policies cover the management of security for both Altus Group’s internal operations and the services Altus Group provides to its customers and apply to all Altus Group employees and contractors.  



Information security oversight


The Altus Group Chief Technology Officer (CTO) manages the Corporate Security departments which guide security at Altus Group. These departments drive the corporate security programs, define corporate security policies, and provide oversight for Altus Group’s security policies and requirements. 



Information security


Information Security (InfoSec) defines policies for the management of information security across Altus Group. Additionally, InfoSec sets direction and provides advice to help protect Altus Group information assets (data), as well as the data entrusted to Altus Group by our customers, partners and employees.

InfoSec also coordinates the reporting of information security risk to senior leadership such as Board of Directors. InfoSec programs direct and advise on the protection of data developed, accessed, used, maintained, and hosted by Altus Group by means of: 

  • Leading development and review of information security policies 

  • Overseeing the development and approval of information security-related standards across Altus Group 

  • Providing oversight of information security risk management 

  • Managing and overseeing security assessment programs, including security testing and penetration testing 

  • Directing information security incident management and response 

  • Evaluating and approving architecture proposals for Altus Group systems and cloud services 

  • Promoting security education, training, and awareness 


Trust Center quick links
Access controlAssurance standardChange managementCorporate governanceCryptographic standardHR securityIncident response planMobile devices and laptopsNetwork securityPhysical and environmental securityRisk managementSecure development