ISMS Documents

PeopleMetrics Trust Portal

Information Security Documentation for Third-Party Due Diligence

✓ ISO 27001:2022 Certified

✓ Access granted. The documents below are confidential and provided for vendor evaluation purposes only. Please do not reproduce or redistribute without written consent from PeopleMetrics, Inc.

Certification

◆ ISO/IEC 27001:2022 Certificate Official certificate issued by A-LIGN Compliance and Security, Inc. Valid through September 23, 2028. Certificate No. ISMS-PE-092325. Certification ⇓

Policies & Procedures

■

Information Security Policy

Core security principles, controls, and governance framework.

Policy ⇓

🔑

Access Control Policy

RBAC, MFA, user provisioning, and access review procedures.

Policy ⇓

⚠

Incident Response Policy

Severity classifications, response SLAs, and client notification procedures.

Policy ⇓

⛭

Change Management Policy

Structured change request, review, approval, and documentation process.

Policy ⇓

↻

Business Continuity & DR Plan

RTO/RPO objectives, recovery procedures, and annual testing cadence.

Policy ⇓

📊

Data Retention & Deletion Policy

Retention principles, secure deletion, and hardware disposal procedures.

Policy ⇓

👥

Vendor Risk Assessment Policy

Third-party security assessment process, requirements, and frequency.

Policy ⇓

💻

Acceptable Use Policy

Rules governing use of IT assets, data handling, and security reporting.

Policy ⇓

🐛

Vulnerability Management Policy

Scanning cadence, severity-based remediation timelines, and pen testing program.

Policy ⇓

Need additional documentation or have questions about our security program? Contact our Information Security Officer directly.

✉ Contact our ISO

ISO 27001:2022 Certification · Certificate No. ISMS-PE-092325 · Issued by A-LIGN Compliance and Security, Inc. · Valid through September 23, 2028

Solutions

Resources

Company