At CPIT we recognise that information is an important business asset of significant value to the company. The confidentiality, integrity and availability of company information needs to be rigorously protected from threats that could disrupt business continuity. This policy has been written to provide a mechanism to establish procedures to protect against security threats and minimise the impact of security incidents. The Risk and Compliance Partner has approved this Information Security Policy.
The purpose of this policy is to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental.
This policy extends to physical security and encompasses all forms of information security. It covers data printed or written on paper, stored on computer hard drives and/or removable media (such as CDs, DVDs, tapes and USB drives), transmitted across networks, or spoken in conversation or over the telephone. All managers are directly responsible for implementing the Policy within their business areas, and for making sure their staff adhere to the principles it describes. It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable in those instances where staff fail to abide by this security policy.
IT IS THE POLICY OF THE COMPANY TO ENSURE THAT:
• Information will be protected against unauthorised access or disclosure.
• Confidentiality of information is assured.
• Integrity of information is maintained.
• Regulatory and legislative requirements regarding Intellectual property rights, data protection and privacy of personal information are met (e.g. GDPR).
• Business Continuity and Disaster Recovery plans will be produced, maintained and tested.
• Staff receive sufficient Information Security training.
• All breaches of information security, actual or suspected, are reported and investigated by The Risk and Compliance Team.