Information security policy
Summary of information security policy
“Information Security is everybody’s responsibility”
BITS recognises that our information assets are key resources upon which we depend to provide services to our customers and to continue to be a successful organisation. We are
committed to protecting the security of information assets and where needed, those of our clients. In support of this we will take all reasonable and appropriate measures to ensure these assets are safeguarded from threats and vulnerabilities and have implemented an Information Security Management System (“ISMS”) which meets the criteria laid out in BS EN ISO/IEC 27001: 2017.
This policy allows BITS to:
- Protect the confidentiality, integrity and availability of information assets
- Maintain and develop our competitive advantage – our customers have a choice of which IT support company to use, therefore our information about those customers and services they receive from us has a value like any other asset and must be protected
- Be legally and contractually compliant with regard to the Data Protection Act, customer contractual requirements and any other applicable legislation
- Continuously improve our information security arrangements
- Counter security threats and vulnerabilities – some of these threats can be negated by the use of technology, but a large amount can be countered by good management practice and well-informed and trained staff.
Objectives
To minimise business damage by reducing threats and risk incidents (internal, external, accidental and deliberate) so that Business Continuity is not affected. BITS will ensure that security related risks are reduced to an acceptable level. Our ISMS will ensure that:
- Confidentiality, integrity and availability of information is maintained
- Legal, client and regulatory requirements are met
- Results of risk assessments are evaluated, implemented and reviewed
- The Business Continuity Plan is formulated, tested, implemented and reviewed
- All those working for BITS are made aware of Information Security and their responsibilities through training, refresher training and job-related documentation
- The proper action is taken against any security threats or incidents
Achievement of these objectives measured against specific goals and progress is reviewed regularly by our Management Team.
This policy is owned by BITS’s senior management team.