Information Security Policy

Information Security is at the heart of our business

We have developed this Information Security Policy in order to preserve our competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance, commercial image, protect our employees and help fulfil our strategic objectives.

Information is at the heart of our business, and any threat to its confidentiality, integrity, or availability is a direct threat to our business. Information security applies to, and is the responsibility of, all staff. The Management Team is fully supportive of the need for, and enforcement of, information security policies and procedures.

The Senior Leadership Team is committed to ensuring that we conduct our activities in such a way that information is adequately safeguarded from potential security threats. In support of this, we have aligned our approach to information security with the ISO27001 framework.

The Information Security Policy has been approved by the CEO to ensure that all information assets (information in all its forms) are protected and are used in the best interests of the company and its clients.

It is essential that we at understand the importance of information security, our responsibilities and the consequences of ignoring them, and ultimately the effects of security on our success, and that we all recognise and understand our role in protecting our information assets.

The Information Security Manual will help you understand your role in delivering this aspect of our business’s risk management activities. It will also help us continually improve the security of our information.

We conduct Risk Assessments, have produced a Statement of Applicability (found in the Appendix of the security manual) and Risk Treatment Plans to identify how information-related risks are controlled.

The Information Security & Compliance Manager is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy.

If there is anything you do not understand, please speak with the Information Security & Compliance Manager who will be able to advise you.

John Ryder Signature

John Ryder – CEO & Founder

—–

  • Creation: 31/01/2018
  • Last Review: 19/01/2021
  • Owner: John Ryder, Founder & CEO is responsible for maintaining the policy and ensuring that it is up to date.
  • Classification: This Policy has been classified as Public as per our Information Classification and Data Handling Policy.
  • Compliance: This policy forms part of the company’s induction and ongoing security awareness programme. If there is anything within this policy that is not clear, or has not been understood, then you must inform your line manager or policy owner to seek further clarification.
  • Failure to comply with this policy, in whole or in part, may lead to disciplinary action.