Information Security Officer Appointment at KaarbonTech

Date 01.04.2020
Category Announcements

KaarbonTech are pleased to announce the appointment of David Montgomery as our full-time Information Security Officer. 

As the company continues to expand its client base and suite of asset management software products, KaarbonTech recognises that security must remain a top priority.

We have continually bolstered security over the years in line with the ISO 27001 standard. After our rapid expansion last year, surpassing 50 networks managed, we wanted to move to the next level by creating this position. Graeme brings with him over 7 years’ experience as an information security officer and will enhance the systems and procedures already in place.

Mark Entwistle

The standard of a software company’s security and resilience is often overlooked when a Local Authority selects a supplier, despite the critical importance and value placed with the provider.

Mark Entwistle

Software is often procured through contractors and subcontractors without the appropriate due diligence. As Local Authorities move to a risk-based approach, the reliance on data collected is more important than ever.

Why Appoint an Information Security Officer?

The advancement of Smart Cities, the digitising of highway infrastructure and the introduction of the IoT (Internet of Things) widen the scope of potential targets for cyber criminals to exploit.

As big data advancements take place, KaarbonTech want to be at the forefront of cybersecurity and ensure any data collected through our platform will never be compromised.

David Emm, principal security researcher at Kaspersky Lab, expresses his concern about how ready we are for Smart Cities and the associated cyber security risks. With the appointment of David, we will be able to nullify the threat.

Graeme will take over the review process for our existing systems as we seek ISO certification. Long term, he will contribute to our development roadmap to ensure that information security strategies are at the heart of our future developments. KaarbonTech will also pass on best practice strategies to new and existing customers as part of our KaarbonTech Live events.

I have over 10 years’ experience of working in large financially regulated and smaller SaaS organisations that have had to adhere to strict information security requirements from their regulators and customers. My experience will be used to develop an Information Security Management System (ISMS) used to obtain ISO 27001 certification.

Graeme Forward

ISO/IEC 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;

  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and

  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
