Information Security Policy

Salamanca Group realises that the security of Salamanca Group information and our client’s information is of paramount importance. To that end, Salamanca Group is committed to implementing and maintaining an Information Management System which is compliant with the requirements of ISO 27001: 2013.

This Information Security Policy provides a framework for defining and regulating the management of Salamanca Group Information Management systems and other information assets. This policy will be provided to and made available to all employees of Salamanca Group in order to ensure that information is appropriately secured against loss of confidentiality, integrity and availability, and that all information we store is in compliance with applicable legal, statutory and regulatory requirements. The Information Security Policy will be made available to external interested parties where appropriate.

This Policy and the Information Management System and its related procedures will be reviewed at least annually to ensure they are still suitable to the scale and nature of our operations. We shall seek to continually improve our Information Management systems on an ongoing basis.

The Salamanca Group Information Management System will be based around the below core principles of information management, which are underpinned by the requirements of ISO 27001: 2013. These principles state our intent around information security, but should also be read in conjunction with our information security objectives and information security procedures:

—We have appointed an Information Security Officer within Salamanca Group who is our Quality, Standards and Accreditations Manager responsible for overseeing the security of information on a group-wide basis. This will provide group-wide direction and support for the security of both information assets and resources;
—We will identify and classify our information assets and ensure measures are in place to protect these assets;
—We will educate and inform all personnel on matters relating to information security to include being vigilant with regards to human error, theft, fraud or misuse of facilities in relation to our company’s information;
—We will abide by all relevant national and international data protection legislation when handling Salamanca Group and our client’s information;
—We will ensure security controls are in place in relation to the group’s physical premises to prevent unauthorised access, damage or interference with company information or physical property;
—We will ensure our Information Technology department is well resourced with a focus on information processing hardware and software of an optimum standard in relation to inbuilt security controls;
—Company documentation and records will be controlled in line with the Salamanca Group related procedures with access controlled and limited to those who need the access to perform their job role;
—Information should be processed in a timely and controlled manner and not stored beyond the time it is needed to perform the task it is required for;
—We will ensure robust business continuity procedures and contingency plans are in place to mitigate disruption to business activities and to protect our infrastructure and our key business activities from the effects of major failures or disasters;
—We will diligently review all contractual and security related obligations to the information we hold to avoid any breaches relating thereto.

Related Company Procedures and External Reference Documents

—Salamanca Group Data Protection Policy
—Salamanca Group Control of Documentation Procedure
—Salamanca Group Control of Records Procedure
—Salamanca Group Business Continuity Procedure
—BS ISO/IEC 27001: 2013
—Data Protection Act 1998

Anne James
Quality Standards & Accreditations Manager

David Livingston
Chief Operating Officer

V1 dated 22/01/15