SECURITY MANAGEMENT POLICY STATEMENT CP001
This Information Security Policy document is aimed to define the security requirements for the proper and secure use of the Information Technology Services at TechVertu. Its goal is to protect the company and its users to the maximum extent possible against security threats that could jeopardize their integrity, privacy, reputation and business outcomes. The scope of this policy relates to the use of the database and computer systems operated by the company at its office in London Road Grays, Essex in pursuit of the company’s business of providing IT services to the users of information technology across different businesses. It also relates where appropriate to external risk sources including functions which are outsourced. It will explain the Purpose, Scope and Responsibilities in relation to the Information Security Management System (ISMS) and the required practices necessary for different Information Technology (IT) services within the company’s business process. The complete Information Security Policy document is available to everyone at the company’s SharePoint. This document alongside other required documents is the foundation to establish an effective Information Security Management System for TechVertu. TechVertu is committed to maintaining a quality and information security system designed to meet the requirements of ISO9001:2015 & ISO 27001:2013 in pursuit of its primary objectives, the purpose and the context of the organisation.
It is the objective of this information security policy to:
- Provide services within a secure environment.
- Ensure the correct and secure operation of information processing facilities.
- Ensure that risk to information in the care of TechVertu is minimised or eliminated.
- Conform to contractual and regulatory requirements in relation to Information Security.
- To continually improve the overall efficiency and effectiveness of information security and service delivery to our clients.
These objectives are supported by the following customer-orientated objectives:
- To increase customers’ confidence concerning the security of the information in the care of TechVertu
- Provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
- To minimize the risk of system failures
These objectives are achieved by:
- Providing first-class training to all TechVertu employees about Information Security.
- Controlling access to information
- To implement and maintain the appropriate level of information security and service delivery in line with third-party service delivery agreements
- Continually review and improve our Information Security Policies by analysing recorded security incidents.
As TechVertu is part of the John F Hunt Group of companies, the IMS Manager and the Information and Cybersecurity Officer at TechVertu who are responsible for the monitoring of the ISMS policies and procedures, should work closely with the Group Compliance Department ensuring the requirement of the Integrated Business and Information Security Management System are implemented and maintained. Integrated Business and Information Security Management System is regularly reviewed through in-house and external audits conducted by British Assessment Bureau Ltd which is a UKAS Accredited Assessment Body. This policy is reviewed annually by the Security Committee at the IMS Management Meeting Review and is publicly available through our website or by request from the Head Office.