Information Security Management System
The objective of information security is to ensure the business continuity of SecureCloud+ and to minimize the risk of damage by preventing security incidents and reducing their potential impact.
2. POLICY STATEMENT
The Board and Management of SecureCloud+ are committed to preserving the confidentiality, integrity and availability of all the information assets throughout the organisation in order to maintain our competitive edge, cash flow, profitability, legal and contractual obligations and most importantly to protect our reputation. Information and information security requirements will continue to be aligned with organisational goal, and the ISMS is intended to be an enabling mechanism for information sharing for electronic operations, for e-commerce and reducing information related risks to acceptable levels. All employees of the organisation are required to comply with this policy. Certain third parties, as defined in the ISMS, will also be required to comply with it. This policy will be reviewed if significant changes in the ISMS occur or at least annually at the management review.
The security policy ensures that:
• Information is protected including the companies IPR and information related to our customers and staff from unauthorised access, disclosure, modification or loss and its confidentiality, integrity and availability is protected this will be achieved by: –
• Ensuring all staff receive appropriate security training
• Obtaining and maintaining globally recognisedsecurity standards and accreditations.
• Implementing security controls on all identified assets.
• All information risks are properly identified, assessed, recorded and managed,by: –
• All internal assets beingidentified, and security controls monitored and reviewed.
• The implementation and monitoring of customer accreditation requirements
• All legal, regulatory, contractual and applicable requirements related to information security are satisfied and met, by: –
• The review of supplier and customer contracts
• Ensuring the identification and implementation of appropriate legislation
• Ensuring any government and contractual standards are met.
• The review of our own internal policies and procedures
• The information security management system will be continually improved, by: –
• Risk & Opportunity analysis
• ISMS Policy / Objectives
• Planning of change
• 3rd party and internal audits
• Management review
Objectives will be derived from the above set goals.
All actual or suspected information security breaches will be reported to the Security Controller and will be thoroughly investigated.
The Senior Information Security Manager will chair a management group to support the ISMS framework and periodically review the ISMS systems,
Assets relating to information security will have been identified and owners should be of appropriate seniority to reflect the value of the asset, they will be responsible for:
• The whole information lifecycle of the asset.
• Ensuring that the asset is inventoried, and that this inventory is used during the risk assessment to ensure Confidentiality, Integrity and Availability.
• Maintaining, reviewing and implementing controls across the assets lifecycle.
• Establishing criteria for the acceptable use of the Asset.
• Ensuring appropriate Information Classification is applied.
The following Information Assets have been identified:
• Staff / People (Knowledge)
• IT & Process Hardware & Software (Computers, operating systems etc.)
• Information (Databases, system files, paper documentation etc.)
• Infrastructure (Power, Connectivity etc.)
• Services (E-mail, Dropbox, etc.)
• Intangibles (Reputation, Corporate Image etc.)