Our Information Security Policy.Our company Information Security Policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure
|
Objective
The objective of information security is to ensure the business continuity of RSK Orbital and to minimise the risk of damage by preventing security incidents and reducing their potential impact. The aim of top management is to make information security part of every day actions by providing tools and training to make it more easily achievable so that it becomes second nature.
Policy
The policy’s goal is to protect the organisation’s informational assets against all internal, external, deliberate or accidental threats. The IT Director/Security Head has approved the information security policy. The security policy ensures that:
Information Security Policy Statement
All staff are directly responsible for implementing the policy and ensuring compliance in their respective departments. Compliance with the Information Security Policy is mandatory.
Version: 03
Approved by: Adam Gallacher, MD
Dated: 22 December 2020
Review date: 22nd June 2023
Reviewed by: Management team
ISMSPolicy_Ver03_KM_Dec2020
The objective of information security is to ensure the business continuity of RSK Orbital and to minimise the risk of damage by preventing security incidents and reducing their potential impact. The aim of top management is to make information security part of every day actions by providing tools and training to make it more easily achievable so that it becomes second nature.
Policy
The policy’s goal is to protect the organisation’s informational assets against all internal, external, deliberate or accidental threats. The IT Director/Security Head has approved the information security policy. The security policy ensures that:
- Information will be protected against any unauthorised access;
- Confidentiality of information will be assured; Integrity of information will be maintained; And availability of information for business processes will be maintained;
- Legislative and regulatory requirements will be met;
- Our risk management plan will be developed, maintained and reviewed;
- Information security awareness training forms part of day to day activities will be available for all employees, with notifications given through the Privacy and Security Hub on Basecamp. All employees are responsible for overall information security within the business and in some cases will be assigned specific roles to maintain the ISMS and ongoing security through system operation. Our aim is security by design, making secure practices part of our day to day procedures;
- All actual or suspected information security breaches will be reported to the Security Head, recorded and will be thoroughly investigated and actions taken as necessary;
- We will strive for continual improvement of our ISMS, through regular reviews, audits and other communications;
- Procedures and further policies exist to support this policy, including policies regarding social media, internet use, remote working, data protection, backups and confidentiality. (Please see the list of Policies in the header for this site for more information);
- We will maintain our service levels (and agreements) to provide the best quality service with minimum interruptions for our clients;
- We strive to use the most cost effective and secure third party suppliers to securely host and protect our data.
- The Security Head is responsible for maintaining the ISMS, ASTON and providing support and advice during its implementation and operation.
Information Security Policy Statement
All staff are directly responsible for implementing the policy and ensuring compliance in their respective departments. Compliance with the Information Security Policy is mandatory.
Version: 03
Approved by: Adam Gallacher, MD
Dated: 22 December 2020
Review date: 22nd June 2023
Reviewed by: Management team
ISMSPolicy_Ver03_KM_Dec2020