Information Security Policy and Business Continuity

Information Security Policy

The Policy of the Company is on a continuing basis to exercise due care and due diligence to protect Information Systems from unauthorised access, use, disclosure, destruction, modification, disruption or distribution.

This will ensure that our reputation with our clients is maintained through confidentiality, integrity and availability.

Management will ensure business, legal, regulatory requirements and contractual security obligations are taken into account.

Risk Assessments against agreed criteria is continually undertaken.

The Management Team bears the responsibility for establishing and maintaining the system and undertakes to ensure its integrity is maintained through instruction and training of its personnel and that each employee has a proper understanding of what is required of them.

Equally every employee has a personal responsibility to maintain this integrity.

Further the Management will ensure any subcontractor employed for a particular function will meet the requirements specified and accept responsibility for their actions.

The Organisation has a Policy of Continuous Improvement and Objective setting in line with the ISO 27001:2013 Standard.

The Information Security Management System will be monitored regularly under the Top Management’s ultimate responsibility with regular reporting of the status and effectiveness at all levels.

Business Continuity Policy

The Management Team accepts and retains responsibility for establishing, maintaining and implementing a system for controlling those particular activities for which it is responsible. We undertake to ensure through instruction, practical example and training that quality and delivery of a sustainable service is the aim of all members of the company, and that each employee and interested party has a proper understanding regarding the importance and direct relevance of the business continuity management system, to the on-going success, viability and reputation of the company.

In specific terms The Management Team, in line with its commitment to this international standard, will ensure that the company satisfies applicable requirements related to: legal and wider industry protocols; its documented interested parties; provides resources to plan, implement, maintain and review its business continuity management system; undertakes a thorough business impact and risk assessment; provides a plan and incident procedures capable of dealing with and recovering from any disruptive incident; communicates its planned procedures internally, to all staff and, externally, to relevant interested parties; undertakes periodic testing, review and maintenance of its incident procedures.

Every employee has designated responsibilities and will be trained to perform duties required by his or her specific role within incident procedures and response. Furthermore, the company will ensure that any sub-contractors employed for a particular function will be made aware of incident response and recovery procedures.

The company has a policy of continual improvement and establishing objectives in line with the framework laid down within ISO 9001:2008 and including the principles of BS ISO 22301: 2012

We hereby certify this [the Business Continuity] Manual along with company standard operating procedures, accurately describes the business continuity management system in use within the company, and meets the requirements of BS ISO 22301: 2012.

The business continuity management system will be formally monitored, reviewed, and tested, in line with a suite of objective performance measures – approved by the senior management team.