Information Security Policy
To define the policy to be followed for information security.
This procedure will be operated by all staff members.
4.0 Information Security Policy
Management will put in place an information security policy statement appropriate to the needs of the organization and its customers, which includes a commitment to continual improvement. The statement will be reviewed for continuing suitability and will be communicated, understood and implemented throughout the organization.
The purpose of this information security policy is to provide requirements and controls for the protection of the company’s information resources, including networks, software applications, hardware and the information stored on those resources.
The aim of the information security policy is to preserve:
- Confidentiality: information is not made available or disclosed to unauthorised individuals, entities or processes;
- Integrity: the accuracy and completeness of information is safeguarded;
- Availability: information is accessible and usable upon demand by an authorised entity.
The Information Security Management System will be established against the requirements of ISO 27001:2013 and will be used to identify, assess and control the risks associated with information security. The overall objective is to continually improve the information security controls within the Practice. The framework for establishing information security objectives will be the management review meetings.
The information security statement includes a commitment to satisfy applicable requirements related to information security.
Whilst Senior Management retain overall responsibility for information security, all employees are responsible for ensuring that best practice is implemented at all times and for complying with the requirements of the Information Security Management System.
This policy will be subject to regular reviews in order to ensure that it continues to reflect the requirements of the Practice.