How Resolver Uses Resolver
Hello!
I am James Patterson
Chief Operating Officer at Resolver
james.patterson@resolver.com
Overview
▪ InfoSec Controls Documentation
▪ SOC2, ISO27001
▪ Policy Management
▪ Op Risk
▪ Vendor Risk Management
▪ Application Management
▪ Asset Management
▪ Legal Requests
▪ Project Tracker
InfoSec Controls Documentation
Control Documentation
Controls Linked to SOC2, ISO 27001
Linked to Policies
Operating Evidence Attached to Controls
Policy Management
Policy Repository
Basic Approval Process
Operational Risk Management
Supports Annual Risk Assessment Process
Interview – Risk Identification
Risk Assessment
Application Risk Management
Applications Are Assigned an Owner
Annual Criticality Assessment by Owner
▪ Confidential data, PII data or critical business process = High Risk
▪ Otherwise = Low Risk
Hosted High Risk Applications
▪ Must have annual SOC2 or similar audit
▪ Request most recent audit result
▪ Review and document results
Internal High Risk Applications
▪ Undergo an internal InfoSec audit
Low Risk Applications
▪ Not reviewed
Application Access Management
Annual Review of Application User Access
▪ Done by all department heads
State Access per Employee
▪ Which applications they should have access to
▪ Read, Edit or Admin
Application Owners Review the Output
▪ Ensure user access is correct
Asset Management
All Assets Are Tracked
▪ With Owner, Location…
Thanks!
Any questions?
james.patterson@resolver.com
