ISO 27001: essensys Information Security Policy
essensys has set forth in our business plan information security objectives consistent with ISO 27001. Department and project managers are informed and trained on these objectives for incorporation into their respective roles and teams.
We stand by the following ongoing security objectives:
- Information is only accessible to authorised persons from within or outside the organisation, and levels of access are determined by the CIO or by delegated authority.
- Confidentiality, integrity and availability of information and systems are maintained.
- Business continuity plans are established, maintained and tested.
- All personnel are trained on information security and are informed that compliance with the policy is mandatory.
- All breaches of information security and suspected weaknesses are to be reported to the CIO and investigated, and appropriate actions are to be taken.
- Relevant procedures exist to support the policies in place.
- Regular audits of the processes and policies are conducted to ensure continuous review and improvement of the IBMS.
- New systems or services are deployed in a controlled and secure manner.
- As far as is possible, essensys avoids breaches of legal, regulatory and contractual requirements.
Whilst the above company objectives are high-level, we have further analysed and categorised these into our Risk & Opportunities Matrix. In some cases, this may allow for specific objectives to be set across different functions. This demonstrates how we measure and set targets in meeting the high-level objectives.