Information Security Policy
Management direction and support for information security in accordance with business requirements and relevant laws and regulations.
The overall purpose of this policy is to protect from all threats, whether internal or external, deliberate or accidental, the information assets of Asckey Data Services Ltd and its clients. The Company is committed to ensuring the security and integrity of all data.
This policy has been designed to emphasise the importance that Asckey Data Services Ltd places upon the security of its own property, client property, confidential information and electronic systems.
This policy is also designed to protect the Company’s electronic security systems and therefore to ensure the security of its computer equipment, software and physical property including its premises and property held by third parties who hold property belonging to Asckey Data Services Ltd. It covers all aspects of the Company’s security or electronic equipment that it is designed to protect including, but not limited to, entry codes, electronic codes, keys and alarm systems as well as the Company’s computer equipment, and networks.
The Directors are responsible overall for approving and authorising the issue of the Information Security Policy and identifying opportunities for continuous improvements.
The Information Security Manager is responsible for informing the Directors of any changes required and identifying opportunities for continuous improvement to the Information Management System. The Information Security Manager ensures that the most recent version of the policy is distributed and made available to all staff and external interested parties, as required.
All personnel are expected to take all reasonable steps to protect confidential data and comply with the Company’s Information Security Management System. All personnel should take reasonable steps to ensure the safety and security of data. This includes, but is not limited to specific steps in the following areas:
- Client-confidential data
- Person identifiable data
- Information security on client sites
- Securing laptops & workstations
- Backing-up data
- Use of portable media such as USB data sticks
- Securing non-electronic information
- Storing & disclosing personal data
- Reporting any breaches of information security and suspected weaknesses or incidents.
The implementation of this policy is important to maintain and demonstrate our integrity in our dealings with customers and suppliers.
Asckey Data Services Ltd has identified overall Information Security Company objectives which include:
- To ensure that all personnel, associates and any third parties are aware of their responsibilities in order to preserve information securely.
- To ensure that confidentiality of information is maintained and is only available to authorised users when required and protected against unauthorised access.
- To ensure that integrity of information through protection from unauthorised modification is achieved and that Information is not disclosed to unauthorised persons through deliberate or careless action.
- To ensure availability of information and associated assets to authorised users when needed and to protect the information and systems from any threats which may occur.
- To ensure that all physical and information assets are identified, risk assessed and control(s) identified, implemented, maintained and reviewed to ensure that control(s) are effective.
- To ensure that Regulatory and legislative requirements will be identified and met.
- To ensure that business continuity plans are produced, maintained and tested as far as practicable
- To ensure that Information security training is given to all staff.
- To ensure that all breaches of information security and suspected weaknesses/incidents are reported and investigated.
- To review and endeavour to continually improve our services, processes and Information Security Management System
Full list of objectives is contained in our BM03-F2.
All Asckey Data Services Ltd. personnel and suppliers including third parties, employed under a contract or who have any involvement with information assets covered by the scope of the Information Security Management System, are responsible for implementing this policy and shall have the support of the Directors, who have approved this policy.
To identify through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk. To manage the risks to an acceptable level through the design, implementation and maintenance of a formal Information Security Management System and in order to provide the highest levels of service, Asckey Data Services Ltd operates an Information Security Management system which is compliant with BS ISO/IEC 27001:2013 (ISMS). Our ISMS Scope and procedures are Internally Audited and Risk Assessed to ensure continued conformance and results are reviewed and evaluated regularly by the Management Meeting.
Legal and other requirements
We comply with all aspects of information security, legal and other requirements.
This policy and supporting policies apply to all information held in both manual and electronic form, as required and are communicated to all employees and relevant external parties. All personnel have a responsibility for reporting security incidents and any identified weaknesses/incidents.
The policy has been approved by the Directors and is reviewed annually or sooner should a significant change occur in order to ensure its continuing suitability, adequacy and effectiveness.