Information should always be protected, regardless of how it is formed, shared, communicated or stored.
- Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation.
- Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
This policy applies to all departments in the organization.
Information Security Objectives
- Strategic and operational information security risks are understood and treated so that they are acceptable to the organization.
- The confidentiality, integrity and availability of customer information, product development and all confidential information are assured.
Information Security Principles
- This organization encourages risk-taking and tolerates risks provided that information risks are understood, monitored and treated when necessary.
- All employees will be made aware of, and accountable for, information security as relevant to their role.
- Provision will be made for funding information security controls in operational and project management processes.
- Information security risks will be monitored and action taken when changes result in risks that are unacceptable.
- Situations that could place the organization in breach of laws and statutory regulations will not be tolerated.
- Management is responsible for ensuring that information security is adequately addressed throughout the organization. Management shall also review this policy annually, or as needed when significant changes occur in the organization, and document this review.
- Each manager is responsible for ensuring that the people who work under their control protect information in accordance with the organization's requirements.
- Every staff member has information security responsibilities as part of doing their job.