Data protection policy
The objective of information security is to ensure the business continuity of CP Plus Ltd and to minimize the risk of damage by preventing security incidents and reducing their potential impact.
The policy’s goal is to protect the organization’s informational assets against all internal, external, deliberate or accidental threats. The Board of Directors has approved the information security policy and the security policy ensures that:
* Information will be protected against any unauthorised access;
- * Confidentialityof information will be assured;
- * Integrityof information will be maintained;
- * Availabilityof information for business processes will be maintained;
- * Legislative and regulatory requirements will met;
- * Business continuity planswill be developed, maintained and tested;
- * Information security trainingwill be available for all employees;
- * All actual or suspected information security breaches will be reported to the IT Manager and will be thoroughly investigated.
Procedures exist to support the policy (data protection policy), other variations including virus control measures, passwords and continuity plans. The IT Manager is responsible for maintaining the policy as well as the data protection policy and providing support and advice during its implementation.
Information can exist in various forms, and includes data stored on computers, transmitted over networks, printed or written on paper, sent by fax, stored on portable storage devices and discussed during telephone conversations. The security data policy statement and the data protection policy cover all these areas.
All managers are directly responsible for implementing the security policy statement and the data protection policy and ensuring staff compliance in their respective areas of responsibility. Compliance with these policies is mandatory and any breached must be reported.
Signature date: 1st Nov 14
Name: Ian Langdon
Title: Operations Director