No. | Objective | KPI / Target | Owner |
--- | --- | --- | --- |
1 | Maintain service availability | ≥ 99.95 % monthly uptime across Search, Recommendations, Chat, Audience & Email modules (as measured by status.clerk.io). | CTO & SRE Lead |
2 | Zero high-severity security incidents | 0 successful exploitations of critical vulnerabilities in production. | Information Security Manager |
3 | Vulnerability remediation | Patch critical CVEs within 72 h and high CVEs within 14 days – 100 % compliance. | Engineering Leads |
4 | Employee security awareness | ≥ 95 % completion of annual security & GDPR training; phishing simulation click-rate < 5 %. | HR & InfoSec |
5 | Third-party risk management | 100 % of new suppliers processed through security due-diligence checklist before onboarding. | Procurement & InfoSec |
6 | BC/DR readiness | Conduct at least one full disaster-recovery test per year achieving RTO ≤ 2 h and RPO ≤ 15 min for core services. | SRE Lead |
7 | ISMS improvements | Close ≥ 90 % of audit non-conformities within 30 days; complete at least 2 security pen-tests per year. | Information Security Manager |