Managing a third-party archiver requires the highest level of caution, from a governance point of view. The Board of Directors of Learch has defined a set of policies, requirements and best practices of which we highlight some here:
- The founding rules and regulations of the Board of Directors articulate the responsibilities of the Directors, particularly in audit matters.
- The management team meets every week, acts upon decisions and systematically follows these actions up. In case a serious problem poses itself, the management team contacts the Board of Directors.
- The Management team has set up an Internal Control System, which is systematically improved and focuses on following aspects:
- business management oversight;
- operational risk assessment;
- control culture;
- information and communication;
- business activity monitoring.
- As a PSF, Learch is supervised by the CSSF.
- The organisation is routinely audited by independent auditors. Three levels of audit are defined and conducted:
- an organisational audit;
- an Information Security Management System (ISMS) audit;
- an external audit of financial statements.
