Information is an asset that, like other important business assets, is essential to an organisation’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities.
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimise business risk, and maximise return on investments and business opportunities.
Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organisation are met. This should be done in conjunction with other business management processes.
As an ISO27001 certified organisation, we have designed and implemented an Information Security Management System with the following objectives:
- Information will be protected against unauthorised access
- The required level of confidentiality for information is always maintained
- The integrity of the information is always ensured
- The proper information is always available to the authorized users
- All staff and contractors receive sufficient Information Security training
The Information Security Management System is applied for all employees, contractors, consultants, interested parties, information and information assets for all of its operations.