OK, now before you panic about the sheer volume of reading that lays ahead of you we do actually want you to take this a little seriously. As Ron would say "it's kind of a big deal!"
So grab a cuppa, sit comfortably and start reading.
For one it'll make sure we don't get into any unnecessary trouble and perhaps do something accidental that might implicate a person, our company or a client.
Also, by having these policies we will demonstrate to our clients that we take security seriously and won't let ourselves or them down. Plus, it will unlock more doors to more clients in the future who count on this level of security from us.
So once you've read and understood these policies we'd really like you to accept them which you can do by clicking on the link at the very bottom of this page
Sound good? OK let's get started!!
This contains all of the policies which make up the Information Management System.
- It defines the scope of our company's approach to ISMS
- It defines how the scope is applied
- It provides suitable reason for permissible exclusion from this scope
- It contains or makes reference to documented procedures
- It ensures a cycle of feedback exists to allow improvements
A summarised Security Policy document is available here
- Bi-Annual reviews - end of every Apr & Oct
- Risk Assessment reviews 1mth prior to bi-annual review - end of Mar & Sept
- The ISMS Committee are responsible for maintaining and updating the policies.
- This committee meets at least quarterly and reviews all policies annually.
- The ISMS Committee requires one Director and two Principal Consultants to be actively engaged to approve any matters affecting Security policies and personnel
Group Members:
- Directors - Paul Henshaw, Matt Gaffney, Dan Rathbone, Tom Walton
- ISMS Manager (acting) - Steve Anderson
- Legal Counsel - Clare Mackintosh
- Board Members (nominated):
- Leeds - Steve Anderson, Neil Dunlop, Natalie Lovett, Pete Cotton
- Manchester - David Postle & Adrian Hesketh
- London - Neil Jennings, Richard Allen, Lara Longhurst
- Edinburgh - Ed Marshall
Contact Email: [email protected]
Information Security Roles and Responsibilities view here
In the event of an incident please:
- complete the Security Incident Reporting Form
- inform the ISMS Manager at: [email protected] who will ensure all incidents are logged as per the Security Incident Reporting Policy
Feel free to raise issues for the ISMS Committee to discuss via (in order of preference):
- Github Pull Requests - https://github.com/infinityworks/isms
- Github Issues
- Emails to [email protected]
- Acceptable Usage
- Access Control
- Anti Piracy
- Backup
- Business Continuity Policy
- Bring Your Own Device
- CCTV
- Clear Desk
- Computing
- Cryptographic Controls
- Data Breach
- Data Protection Policy
- Data Retention, Destruction and Disposal
- Data Transfer
- Device
- Digital Signature Acceptance
- Email and Internet
- End User Encryption Key Protection
- GDPR
- Hiring
- Information Exchange
- Information Sensitivity
- Laptop
- Leaving
- Money Laundering
- Monitoring
- Network Systems
- Password
- Physical Security
- Remote Access and Mobile Computing
- Removable Storage
- Security Policy
- Security Incident Reporting
- Security Response Plan
- Social Networking
- Technology Equipment Disposal Policy
- Virus Protection
(Please register the completion your Induction or Annual ISO27001 Policy Review by clicking an applicable link below)
-
Permanent Employee click here
-
Contractor Employee click here