Information Security Policy
essensys has set forth in our business plan information security objectives consistent with ISO 27001. Department and project managers are informed and trained on these objectives for incorporation into their respective roles and teams.
We stand by the following on-going security objectives:
- Information is only accessible to authorised persons from within or outside the organisation, and levels of access are determined by the CIO or by delegated authority.
- Confidentiality, integrity and availability of information and systems are maintained.
- Business continuity plans are established, maintained and tested.
- All personnel are trained on information security and are informed that compliance with the policy is mandatory.
- All breaches of information security and suspected weaknesses are to be reported to the CIO and investigated, and appropriate actions taken.
- Relevant procedures exist to support the policies in place.
- Regular audits of the processes and policies are conducted to ensure continuous review and improvement of the IBMS.
- New systems or services are deployed in a controlled and secure manner.
- As far as is possible, essensys avoids breaches of legal, regulatory and contractual requirements.
Whilst the above company objectives are high-level, we have further analysed and categorised these into our Risk & Opportunities Matrix. In some cases, this may allow for specific objectives to be set across different functions. This demonstrates how we measure and set targets in meeting the high-level objectives.
essensys Quality Management Policy
essensys adheres to a quality management system relevant across all levels of the organization and consistent with ISO 9001. Our quality objectives have been defined in accordance with SMART; they are Specific, Measurable, Achievable, Realistic, and Timed.
- We endeavour to deliver our services to specification, on time and to the price quoted. This is measured by onboarding KPIs, NPS surveys, customer satisfaction surveys, client feedback, and stats around project delivery time frames and budget reports.
- We endeavour to satisfy our clients’ requirements and get things right the first time. Should we make a mistake, we acknowledge the error and rectify the situation as quickly as possible. This is measured by the number of non-conformances, complaints, corrective action reports, customer feedback, and the quantity of customer credits issued over a period.
- We aim to achieve and maintain a level of quality which enhances our company’s reputation with customers. This is measured by Net Promoter Scores and Case Quality checks.
- We analyse customer feedback data and business performance data to ensure that our Quality Objectives are being met. This is measured by our customer satisfaction audit following our NPS surveys.
- We aim to deliver services that are available 24/7/365, with minimal disruption during core business hours to our customers. This is measured by our infrastructure operations team using system uptime and availability metrics.
- We aim to deliver customer invoices and reports on the first working day of the month. We measure this with our active site invoice audit each month.
- We aim to sell quality products and services to customers whilst working to continuously expand the functionality and capabilities of our offerings to meet market needs.