This policy is created to support the business’ commitment to effective, efficient and proportionate management of information security. It is produced under the authority of the Directors and communicated to all employees, relevant suppliers, and partners. It is complemented by a set of information security policies that define the security practices required by the business; these are published in the information security management system and signed off by all staff, relevant suppliers and relevant partners.
Information managed by the business includes:
– Electronic information, e.g. customer (patient data) emails, client and Gendius reports, project materials and contracts
– Hard copy information
– Verbal information and knowledge
Information covered by this policy includes:
– Client/Customer information
– Business information
– Staff, supplier, partner and advisor information
Our aim is to ensure our own business continuity and that of our customers, and to minimize the risk of security incidents by preventing them and reducing their potential impact.
The Company’s Information Security Management System provides a framework to protect informational assets against all internal, external, deliberate or accidental threats, protecting confidentiality, integrity and availability of information in order to:
– Meet the security requirements of the business’ interested parties
– Comply with relevant legislation, regulation and contractual obligations
– Comply with the requirements of ISO27001
The business’ information security management system defines security responsibilities, security governance and assurance, objectives and performance measures. This framework for security management is used to evaluate performance of information security management and to define improvement targets such that the business’ information security management capabilities continually improve. This policy is available and applicable to all interested parties.
Policies and Procedures will be implemented to support the ISMS in line with this policy and objectives.
The ISM, working with Directors and staff, is responsible for maintaining the policy and providing operational support and advice in its development.
Everyone at Gendius is directly responsible for implementing the policy and ensuring staff compliance in their respective areas.
Compliance with the Information Security Policy is mandatory, and the policy will be continually reviewed for its suitability, adequacy and effectiveness.