Consistent with the requirements of the above standard, we have:
- Conducted a Risk Assessment in respect of Information Security within our organisation. Where unmitigated risks have been identified, we have implemented a plan to treat them. Where residual risks remain, we accept them and will review them when appropriate.
- Identified relevant legislation, regulations and contractual requirements and reflected them in our working procedures. All employees have been advised of their responsibilities in respect of national legislation as well as their responsibilities in support of securing information within the organisation.
- Allocated responsibilities for various aspects of the QISMS to suitably qualified employees and ensured that it is adequately resourced.
- Taken responsibility to ensure that our trading partners discharge their responsibilities in respect of securing any sensitive information that we entrust to them.
- Entered into dialogue with other outside organisations where this would assist us to manage Information Security. This policy document, and other requirements of our QISMS, has been communicated to others where appropriate.
- Incorporated processes and procedures in order to assess and review the effectiveness of the ISMS and thus to continually improve it.
- Established a programme of independent review of the QISMS.
- Established, and will continually review, our objectives at our annual Management Reviews.
Compliance with the requirements of this system is a condition of employment for our staff and failures in this respect are subject to our disciplinary process. This system underpins our trading relationships with outside organisations.
This policy is reviewed regularly, and in the case of influencing changes, to ensure it remains appropriate for the business and our ability to serve our customers.