diff --git a/handbook/finance/security.md b/handbook/finance/security.md index 418526fd61..c0cbb6437d 100644 --- a/handbook/finance/security.md +++ b/handbook/finance/security.md @@ -1613,11 +1613,11 @@ Fleet Device Management is committed to conducting business in compliance with a | Board of directors | Oversight over risk and internal control for information security, privacy, and compliance
Consults with executive leadership to understand Fleet's security mission and risks and provides guidance to bring them into alignment | | Executive leadership | Approves capital expenditures for information security
Oversight over the execution of the information security risk management program
Communication path to Fleet's board of directors. Meets with the board regularly, including at least one official meeting a year
Aligns information security policy and posture based on Fleet's mission, strategic objectives, and risk appetite | CTO | Oversight over information security in the software development process
Responsible for the design, development, implementation, operation, maintenance and monitoring of development and commercial cloud hosting security controls
Responsible for oversight over policy development
Responsible for implementing risk management in the development process | -| Head of Security | Oversight over the implementation of information security controls for infrastructure and IT processes
Responsible for the design, development, implementation, operation, maintenance, and monitoring of IT security controls
Communicate information security risks to executive leadership
Report information security risks annually to Fleet's leadership and gains approvals to bring risks to acceptable levels
Coordinate the development and maintenance of information security policies and standards
Work with applicable executive leadership to establish an information security framework and awareness program
Serve as liaison to the board of directors, law enforcement and legal department.
Oversight over identity management and access control processes | +| Head of IT | Oversight over the implementation of information security controls for infrastructure and IT processes
Responsible for the design, development, implementation, operation, maintenance, and monitoring of IT security controls
Communicate information security risks to executive leadership
Report information security risks annually to Fleet's leadership and gains approvals to bring risks to acceptable levels
Coordinate the development and maintenance of information security policies and standards
Work with applicable executive leadership to establish an information security framework and awareness program
Serve as liaison to the board of directors, law enforcement and legal department.
Oversight over identity management and access control processes.
Responsible for oversight over third-party risk management process and review of vendor service contracts | | System owners | Manage the confidentiality, integrity, and availability of the information systems for which they are responsible in compliance with Fleet policies on information security and privacy.
Approve of technical access and change requests for non-standard access | | Employees, contractors, temporary workers, etc. | Acting at all times in a manner that does not place at risk the security of themselves, colleagues, and the information and resources they have use of
Helping to identify areas where risk management practices should be adopted
Adhering to company policies and standards of conduct Reporting incidents and observed anomalies or weaknesses | | Head of People Operations | Ensuring employees and contractors are qualified and competent for their roles
Ensuring appropriate testing and background checks are completed
Ensuring that employees and relevant contractors are presented with company policies
Ensuring that employee performance and adherence to values is evaluated
Ensuring that employees receive appropriate security training | -| Head of Digital Workplace & GTM Systems | Responsible for oversight over third-party risk management process; responsible for review of vendor service contracts | + ## Network and system hardening standards Fleet leverages industry best practices for network hardening, which involves implementing a layered defense strategy called defense in depth. This approach ensures multiple security controls protect data and systems from internal and external threats.
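Review bot: the added `Head of IT` row now concentrates IT security controls, identity management and access control oversight, and third-party risk management with vendor contract review in a single role, whereas before the hunk those duties were split between `Head of Security` and the removed `Head of Digital Workplace & GTM Systems` row; the table no longer names anyone who reviews that role's own access or vendor decisions, so either add a second reviewer for those items (for example under `Executive leadership` or `System owners`) or state in the PR description why a single role is acceptable for Fleet's risk appetite. Two smaller points on the same `+` line: "Report information security risks annually to Fleet's leadership and gains approvals" should read "gain approvals" to match the other imperatives, and since the row heading changes from `Head of Security` to `Head of IT`, confirm that any remaining references to `Head of Security` elsewhere in the handbook are updated in the same change.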