1. Introduction
CardExchange, Inc., which provides desktop ID card and visitor management software and SaaS based credential management solutions, is committed to preserving the confidentiality, integrity and availability of all assets, including personally identifiable information (PII), in scope of the information security management system (ISMS) in order to maintain its legal, regulatory and contractual compliance and commercial image. CardExchange Inc is committed to ensuring compliance with all applicable legislative, regulatory and contract requirements, including all applicable PII protection legislation. To achieve this, CardExchange Inc has implemented an ISMS in accordance with the international standard ISO/IEC 27001:2013. The ISMS is subject to continual, systematic review and improvement.
2. Policy Objectives
3. Roles and responsibilities
The Chief Technology Officer (CTO) is accountable for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks. All employees and those working under the scope of the ISMS are expected to comply with this policy and with the ISMS that implements this policy. CardExchange Inc has established a Management Team (InfoSec) chaired by the Chief Operating Officer (COO) to support the ISMS framework and to periodically review the Information Security Policy.
Document owner and approval
The Chief Technology Officer (CTO) is the owner of this document and is responsible for ensuring that it is reviewed in line with the review requirements of the management system. For more information please email This email address is being protected from spambots. You need JavaScript enabled to view it.
ISO/IEC 27001:2013
201 Sand Creek Rd, Suite L-E
Brentwood, CA 94513
Monday – Friday
9am – 5pm (EST)
+1 (925) 529 4999
Stationsplein 13 A
3818 LE, Amersfoort
Monday – Friday
9am – 5pm (CET)
+31 (0)20 2251 447