Information Security Policy
Clause No.: 5
Document Ref: 0503
Issue No.: 01
Date: 23rd July 2019
It is the policy of Open Grid Systems to maintain an Information Security Management System which is designed to meet the requirements of ISO 27001: 2013. We will strive to continuously improve our ISMS through having the framework in place for setting, monitoring, reviewing and achieving our objectives and we will seek continual improvement in the effectiveness and performance of our management system based on analysis of risks.
We will ensure that our policy is available to all internal interested parties via our notice board and to all external interested parties via our website, and we will comply with all legal requirements & codes of practice.
To pursue our policy, we will be guided by these fundamentals;
- Confidentiality – safeguarding the accuracy and completeness of assets
- Integrity – ensuring that information is not made available or disclosed to unauthorised individuals, entities or processes
- Availability – being accessible and usable upon demand by an authorised entity
We will address any identified threats or vulnerabilities by applying the appropriate security risk treatments.
Every employee is responsible for implementing our Information Security Management System and, as the Managing Director, I would emphasise our commitment to this system and will ensure that the proper resources are allocated to implement this policy effectively.
Our IS and communications systems are intended to promote safe and reliable working practices. This policy outlines the standards that you must observe when using these systems, when we will monitor their use and the action that we will take if you breach these standards.
This policy will be reviewed, and if necessary revised, annually during Management Review.
The scope of this policy relates to the use of the computer systems operated by the company in pursuit of providing all Open Grid System’s services.