Information Security Policy
It is the policy of Safe Data Governance to provide a secure service to our customers. As such we have implemented an Information Security framework based on the ISO27001:2013 Framework.
Safe Data Governance ensures all information stored and processed by the company, or on behalf of the company is securely protected against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investments and business opportunities.
All types of information; printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation, and the means by which it is shared or stored, is always appropriately protected.
We aim to continually improve the effectiveness of our information security management system and our performance by:
• Reviewing our management system on a regular basis and encouraging employees to review their working practices and suggest methods for improvement where appropriate, and implementing improvements where practical.
• Implementing specific information security objectives and targets which are regularly monitored, reviewed and reported in our Management Review meetings where the ongoing suitability of this policy and related information security policies are reviewed.
Our information security objectives include the preservation of:
· Confidentiality - ensuring information is accessible only to those authorised to have access
· Integrity - safeguarding the accuracy and completeness of information and processing methods
· Availability - ensuring authorised users have access to information and associated assets when required
Information security objectives are achieved by the implementation of a set of controls, including policies, practices, procedures, organisational structures and software functions.
This policy is issued and explained to all employees upon commencement of employment with the company, and is available to all other relevant interested parties. Any revisions will be incorporated when necessary and be brought to the attention of all applicable interested parties.