Information Security Policy
We recognise that in the delivery of our services we capture and hold a large amount of sensitive information about individual Clients. As a company we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS. In order to safeguard this information we have identified three key aspects/objectives which are essential in establishing our ISMS, namely:-
- Administrative Safeguards: documented policies and procedures for day-to-day operations; managing the conduct of; and managing the selection, development, and use of security controls.
- Physical Safeguards: security measures meant to protect an organization’s electronic information systems, as well as related buildings and equipment, from natural hazards, environmental hazards, and unauthorized intrusion.
- Technical Safeguards: security measures that specify how to use technology to protect One Beyond’s systems, particularly controlling access to it.
Our risks as identified within our Statement of Application are subject to dedicated controls and regular internal reviews. Information Security is the responsibility of all members of staff, not just the Leadership Team, and as such all staff should retain an awareness of this policy and its contents and demonstrate a practical application of the key objectives where appropriate in their daily duties.
We also make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the information security management system. These include but not limited to customers and clients and their requirements are documented in contracts, purchase orders and specifications etc.
Verification of compliance with the policy will be verified by a continuous programme of internal audits.