SECURITY MANAGEMENT POLICY STATEMENT CP001

This Information Security Policy document is aimed to define the security requirements for the proper and secure use of the Information Technology services at TechVertu. Its goal is to protect the company and its users to the maximum extent possible against security threats that could jeopardize their integrity, privacy, reputation and business outcomes.

The scope of this policy relates to use of the database and computer systems operated by the company at its office in London Road Grays, Essex in pursuit of the company’s business of providing IT services to the users of information technology across different businesses. It also relates where appropriate, to external risk sources including functions which are outsourced. It will explain the Purpose, Scope and Responsibilities in relation to Information Security Management System (ISMS) and the required practices necessary for different Information Technology (IT) services within the company’s business process. The complete Information Security Policy document is available to everyone at the company’s SharePoint. This document alongside other required documents are the foundation to establish an effective Information Security Management System for TechVertu.
‍
TechVertu is committed to maintain a quality and information security system designed to meet the requirements of ISO9001:2015 & ISO 27001:2013 in pursuit of its primary objectives, the purpose and the context of the organisation.

It is the objective of this information security policy to:

• Provide services within a secure environment.
• Ensure the correct and secure operation of information processing facilities.
• Ensure that risk to information in the care of TechVertu is minimised or eliminated.
• Conform to contractual and regulatory requirements in relation to the Information Security.
• To continually improve overall efficiency and effectiveness of information security and service delivery to our clients.

These objectives are supported by the following customer orientated objectives:

• To increase customer’s confidence concerning the security of the information in the care of TechVertu
• Provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
• To minimize the risk of systems failures

These objectives are achieved by:

• Providing first class training to all TechVertu employees about the Information Security.
• Controlling access to information
• To implement and maintain the appropriate level of information security and service delivery in line with third party service delivery agreements
• Continually review and improve our Information Security Policies by analysing recorded security incident.

As TechVertu is part of the John F Hunt Group of companies, the IMS Manger and the Information and Cybersecurity Officer at TechVertu who are responsible for the monitoring of the ISMS policies and procedures, should work closely with the Group Compliance Department ensuring the requirement of the Integrated Business and Information Security Management System are implemented and maintained. Integrated Business and Information Security Management System is regularly reviewed through in-house and external audits conducted by British Assessment Bureau Ltd who are a UKAS Accredited Assessment Body. This policy is reviewed annually by the Security Committee at the IMS Management Meeting Review and is publicly available through our web site or by request from the Head Office.