- Information is only accessible to authorized persons from within or outside the organization.
- Confidentiality and integrity of information are maintained throughout the process, and information is stored with appropriate confidentiality procedures.
- Business Continuity plans are established, maintained, and tested for the organization’s strategic risks.
- All breaches of information security and suspected weaknesses are reported and investigated.
- Procedures exist to support the policy, including virus control measures, passwords, and continuity plans.
- Its core and supporting business operations continue to operate with minimal disruptions.
- Protection of the organization’s information assets from all threats, whether internal or external, deliberate or accidental.
- That the information is available with minimal disruption to staff and the public, as required by the business process.
- All regulatory and legislative requirements and contractual agreements with clients are met.
- All personnel are trained on information security to ensure that the staff understand their roles and responsibilities in handling incidents and have a comprehensive and well-tested incident response plan ready.
- The Information Security Manager is responsible for maintaining the policy and providing support and advice during its implementation.
- All managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.
- That the management accepts the identified residual risk and sees that the business requirements are met.
This policy has been approved by the company management and shall be reviewed by the company management team every 12 months or sooner if the work activities change.