Information Security Policy
Scope
Management direction and support for information security in accordance with business requirements and relevant laws and regulations.
Purpose
The overall purpose of this policy is to protect from all threats, whether internal or external, deliberate or accidental, the information assets of Asckey Data Services Ltd (Asckey) and its clients. The Company is committed to ensuring the security and integrity of all data.
This policy has been designed to emphasise the importance that Asckey places upon security of its own property, client property, confidential information and electronic systems.
This policy is also designed to protect the Company’s electronic security systems and therefore to ensure the security of its computer equipment, software and physical property, including its premises and property belonging to Asckey that is held by third parties. It covers all aspects of the Company’s security or electronic equipment that it is designed to protect, including, but not limited to, entry codes, electronic codes, keys and alarm systems, as well as the Company’s computer equipment and networks.
Responsibilities
The Directors are responsible overall for approving and authorising the issue of the Information Security Policy and identifying opportunities for continuous improvements.
The Information Security Manager is responsible for informing the Directors of any changes required and identifying opportunities for continuous improvement to the Information Security Management System (ISMS). The Information Security Manager ensures that the most recent version of the policy is distributed and made available to all staff and external interested parties, as required.
All personnel are expected to take all reasonable steps to protect confidential data and comply with the Company’s ISMS. All personnel should take reasonable steps to ensure the safety and security of data. This includes, but is not limited to, specific steps in the following areas:
- Client-confidential data
- Person identifiable data
- Information security on client sites
- Securing laptops & workstations
- Backing-up data
- Use of portable media such as USB data sticks
- Securing non-electronic information
- Storing & disclosing personal data
- Reporting any breaches of information security and suspected weaknesses or incidents.
Objectives
The implementation of this policy is important to maintain and demonstrate our integrity in our dealings with customers and suppliers.
Asckey has identified overall Information Security company objectives which include:
- To ensure that all personnel, associates and any third parties are aware of their responsibilities in order to preserve information securely.
- To ensure that confidentiality of information is maintained and is only available to authorised users when required and protected against unauthorised access.
- To ensure that the integrity of information is achieved through protection from unauthorised modification, and that information is not disclosed to unauthorised persons through deliberate or careless action.
- To ensure availability of information and associated assets to authorised users when needed and to protect the information and systems from any threats which may occur.
- To ensure that all physical and information assets are identified, risk assessed and control(s) identified, implemented, maintained and reviewed to ensure that control(s) are effective.
- To ensure that regulatory and legislative requirements will be identified and met.
- To ensure that business continuity plans are produced, maintained and tested as far as practicable.
- To ensure that information security training is given to all staff.
- To ensure that all breaches of information security and suspected weaknesses/incidents are reported and investigated.
- To review and endeavour to continually improve our services, processes and Information Security Management System.
The full list of objectives is contained in BM03-F2.
Applicability
All Asckey Data Services Ltd. personnel and suppliers including third parties, employed under a contract or who have any involvement with information assets covered by the scope of the Information Security Management System, are responsible for implementing this policy and shall have the support of the Directors, who have approved this policy.
Goals
To identify, through appropriate risk assessment, the value of information assets, and to understand their vulnerabilities and the threats that may expose them to risk. To manage the risks to an acceptable level through the design, implementation and maintenance of a formal ISMS, and in order to provide the highest levels of service, Asckey operates an ISMS which is compliant with BS ISO/IEC 27001:2013 (ISMS). Our ISMS scope and procedures are internally audited and risk assessed to ensure continued conformance, and results are reviewed and evaluated regularly by the Management Meeting.
Legal and other requirements
We comply with all aspects of information security, legal and other requirements.
This policy and supporting policies apply to all information held in both manual and electronic form, as required, and are communicated to all employees and relevant external parties. All personnel have a responsibility for reporting security incidents and any identified weaknesses/incidents.
The policy has been approved by the Directors and is reviewed annually, or sooner should a significant change occur, in order to ensure its continuing suitability, adequacy and effectiveness.
(Version 11)