helpdesk@saascoms.com
en English fr French es Spanish Mailmaster: Log In     Omnireach: Log In

Get Started

Information Security Policy

Introduction

The Complete Communication Solutions Ltd Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. This document states the Information Security objectives and summarises the main points of the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure:

  • Confidentiality, i.e. protection against unauthorised disclosure
  • Integrity, i.e. protection against unauthorised or accidental modification
  • Availability as and when required in pursuance of the Organisationā€™s business objectives.Responsibilities
  • The Directors have approved the Information Security Policy.
  • Overall responsibility for Information Security rests with the ISMS Manager.
  • The ISMS Manager is responsible for day-to-day procedural matters and legal compliance, including data protection, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation, management reporting, etc.
  • The ISMS Manager is responsible for day-to-day technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external organisations.
  • All employees or agents acting on the Organisationā€™s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected security breach without delay directly to the ISMS
    Manager. Employees attending sites that the Organisation does not occupy must ensure the security of the Organisationā€™s data and access their systems by taking particular care of laptops and similar computers and of any information on paper or other media they possess.
  • The ISMS Manager is responsible for drafting, maintaining and implementing this Security Policy and similarly related documents.
  • As with other considerations, including Quality and Health and safety, Information Security aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by the Organisation.
  • The Organisationā€™s employees are advised and trained on general and specific aspects of Information Security according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality regarding the Organisationā€™s business.
  • Adherence to Information Security procedures as set out in the Organisationā€™s various policies and guideline documents is the contractual duty of all employees, and a clause to this effect is set out in the Organisationā€™s Contracts of Employment.
  • Copies of this Management System, including the Risk Assessment (Annex A Statement of Applicability), are available to all of the Organisationā€™s employees.
  • Breach of the Information Security policies and procedures by the Organisationā€™s employees may result in disciplinary action, including dismissal.
  • In view of the Organisationā€™s position as a trusted provider of the provision of hardware and software telecommunications solutions, particular care is taken in all procedures and by all employees to safeguard the Information Security of its service users and/or clients.
  • Mutual Non-disclosure/Confidentiality agreements are entered into as appropriate with third party Companies.
  • All statutory and regulatory requirements are met and regularly monitored for changes.
  • A Disaster Recovery/Business Continuity Plan is in place. This is maintained, tested and subjected to regular review by the ISMS Manager.
  • Further policies and procedures, such as those for access, acceptable use of email and the Internet, virus protection, backups, passwords, systems monitoring, etc., are in place, maintained and regularly reviewed by the ISMS Manager or an appointed representative as appropriate.
  • This Information Security Policy is regularly reviewed and may be amended by the Directors in order to ensure its continuing viability, applicability, and legal compliance, with a view to achieving continual improvement in the Information Security Systems.