Information Risk Management Approach
Placer’s approach to risk management is iterative, scalable, and embedded in day-to-day decision-making. Placer operates a mature Information Security Management System (ISMS) certified to ISO/IEC 27001, supported by a risk management program aligned to ISO 31000. Over the past year Placer has matured the program through continuous control monitoring, automated evidence collection, and tighter integration between risk, engineering, and product workflows.
Interested Parties
Placer engages internal teams, customers, partners and other external stakeholders to identify risks and agree on how they will be managed.
Establishing the Context
Placer defines the internal and external environment, scope, and risk criteria for each assessment so that the remainder of the process is grounded in a clear, agreed baseline.
Risk Evaluation
Placer prioritizes identified risks by impact and likelihood and aligns mitigation actions with the risk-acceptance thresholds approved by leadership, so the highest-priority risks receive the appropriate level of attention.
Risk Treatment
Placer selects and implements the most appropriate control options — avoid, mitigate, transfer, or accept — to address both the likelihood and the impact of each identified risk.
Monitoring and Review
Ongoing monitoring and review covers every stage of the risk management process in order to:
Validate the effectiveness of the risk program
Validate the effectiveness of risk controls Placer implements
Learn from events and near-misses
Evolve the program to address new risk sources, actors, and technologies (including AI)
Data Classification
Placer’s data classification policy sets the requirements for classifying, labeling, and handling information assets Placer owns, manages, or processes. Classification is based on sensitivity (confidentiality and privacy) and criticality (integrity and availability), so each asset receives an appropriate level of protection throughout its lifecycle.
Access Control
Placer's access control policy applies to all systems, equipment, facilities, and information within its environment, following the principle of least privilege. Controls restrict access to operating systems, applications, and cloud environments to authorized users through strong authentication (including SSO and MFA for sensitive systems), and authentication attempts are logged and monitored.
Incident Response
Placer maintains a comprehensive, documented plan to govern how it identifies and reports incidents, how it conducts investigations, and how it classifies, documents, and communicates about them. The plan also defines responder procedures and required training.
The plan is based on NIST SP 800-61r3, "Computer Security Incident Handling Guide," and is tailored to Placer's risk profile and business needs. Placer updates the plan based on lessons learned from exercises, simulations and real-world events.
AI Governance
As an AI-enabled analytics company, Placer applies dedicated governance to how it develops, evaluates, and uses machine learning and generative AI within its products and internal workflows. Placer’s AI governance program extends the ISMS and integrates with its existing risk, privacy, and vendor processes. For more detail, see Placer’s Responsible AI Principles.