This document sets out the measures to be taken by all employees of CV Insight Ltd (the “company”) to protect the company’s computer systems, infrastructure, environment and other information assets from damage and threats whether internal, external, deliberate or accidental.
The Directors have responsibility for maintaining and monitoring the policy and associated systems and procedures and for providing advice and guidance on their implementation.
The implementation of the information security policy, systems and procedures within their areas of responsibility and for adhering to the ISMS key principles laid out in the company’s ISMS procedures.
The objective of the system is to:
- Reduce, so far as is reasonably foreseeable, the likelihood of an incident occurring which may affect the security of the information held by the Company.
- In the event of an incident, ensure that business continuity is maintained and impact minimised.
This objective will be met by:
- The establishment, implementation, monitoring, and maintenance of an information management system that meets the requirements of ISO 27001/2018, the Data Protection Act 2018, the UK General Data Protection Regulation and any other relevant legislation in force from time to time.
- Ensuring that any changes to the environment, technology employed, threats or legislation are identified and resulting measures reviewed and implemented.
- Understanding the threats posed to information held by the company, its partners and clients.
- Evaluating the threats posed to the data held & systems operated and ensuring that appropriate risk treatments are in place to minimise them.
- Ensuring that all employees understand and fulfil their obligations with respect to information security.
- Setting annual ISMS objectives as a platform for ensuring that the ISMS as a whole is compliant with the standard, is relevant to the organisation and is subject to continual improvement.
This policy will be reviewed annually to ensure that it remains compliant with the standard and relevant to the company’s activities.
CVI 105 v3