Ribbon’s Information Security Policy outlines the executive directive to support an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 and industry best practices. This policy applies to all offices and personnel within the organization.

The Ribbon Information Security Policy is the official communication to personnel providing executive direction to protect information assets against unauthorized use, disclosure, modification, damage, or loss. This policy is aligned with Ribbon's strategic objectives, revenue, and risk appetite.

Information Security Policy (Excerpt)

Leadership Commitment

Information security is fundamental to Ribbon’s success, and it is a top priority of the CEO, the Senior Leadership Team, and the Board of Directors.

Ribbon management is committed to providing appropriate resources to implement, operate, and continually improve the ISMS and it is managed in compliance with all applicable legal and regulatory requirements to protect and ensure the confidentiality, integrity, and availability of information for our business and stakeholders.

Information Security Objectives

Ribbon has defined measurable information security objectives that are aligned with the top-level objectives listed:

  • Reduce and manage information security risks by deploying leading-edge security tools, as necessary.
  • Monitor technical vulnerabilities of information systems and take measures to mitigate the associated risk.
  • Respond to information security incidents following documented procedures and in compliance with service-level agreements.
  • Promote a culture of information security and data protection through training and awareness, within the organization and with relevant personnel working under its control.

Information Security Responsibilities

  • Every Ribbon employee is responsible for reading, understanding, and abiding by all applicable policies relating to the ISMS. Applicable policies include the Information Security Policy, Acceptable Use Policy, and Mobile and Desktop Policy available via the Ribbon documentation tool.
  • Every Ribbon employee is advised to stay aware, recognize, and report a suspected security incident by opening a ticket, calling the IT Help Desk, or report suspicious emails via the phish alert report button, or contact the Information Security team for guidance.

Disciplinary Policy

  • Employees who violate Ribbon policies, are directly or indirectly responsible for a security breach, or who unreasonably fail to report a security incident may be subject to disciplinary action up to and including termination of employment per applicable law.

Ribbon’s Approach to Information Security

Information security is a business imperative that requires the involvement and commitment of the entire organization. To further convey the importance of information security, the following strategies are employed at Ribbon:

  • Educational Initiatives: Implement regular training sessions and workshops to inform employees about the latest security threats and practices to safeguard data, and to share best practices.
  • Internal Communications: Use newsletters, intranet articles, and presentations to share the latest industry information on information security topics.
  • Customer Engagement: Share information security achievements and certifications with customers to build trust and to demonstrate Ribbon's commitment to protecting their data.
  • Employee Involvement: Encourage employees to participate in information security initiatives and provide feedback on policies and procedures.

By implementing policies, training, and communication Ribbon aims to:

  • Ensure the security and integrity of its information and systems via three main cornerstones: confidentiality, integrity, and availability
  • Identify security gaps and vulnerabilities, protect data, and improve cyber resilience
  • Manage risks proactively, consistently, and measurably
  • Effectively convey the importance of Information Security to all stakeholders
  • Demonstrate a commitment to best practices in information security.

Ribbon’s Information Security Certification

Click HERE to access Ribbon’s ISO/IEC 27001 certificate.