Information Security
Policy
It is our policy to operate and maintain an Information Security Management System (ISMS) to the requirements of ISO 27001:2013. Our ISMS is an acknowledgement that information is a critical business asset and that protecting the confidentiality, integrity and availability of information assets from all threats whether internal, external, deliberate or accidental is a business priority.
We will ensure we have implemented appropriate controls to secure our information assets, and those we are responsible for, using physical, procedural, staff and technical security measures. In addition we will:
- Comply with all applicable laws, regulations and applicable requirements related to information security
- Implement improvement initiatives to achieve continual improvement of the ISMS including risk assessment and risk treatment strategies
- Communicate Information Security objectives and review of performance in achieving these objectives, throughout the organisation and to interested parties
- Work closely with interested parties in preserving Information Security
- Complete Information Security Awareness Training with all staff
- Constantly strive to meet and where possible exceed customer’s expectations
Responsibility for upholding this policy is the responsibility of all workers with full support of the company management.
We shall review, measure and monitor our Information Security framework, documentation and implemented controls on an ongoing basis to ensure their relevance and effectiveness in protecting our information assets with the aim of continual improvement of our systems and performance. Formal review of the ISMS and information security objectives is completed at least annually and documented during Management Review.