The Purpose of the Policy is to protect Certes’ information assets from all threats whether these are internal, external, deliberate or accidental.
We recognise that information exists in many forms and this policy extends to data stored on computers, transmitted across networks, sent by fax, printed or handwritten on paper. This policy also covers data stored on any format of tape or diskette and any other format of removable storage device.
This policy refers also to any information shared in a conversation or over the telephone.
Certes will ensure that information will be protected against unauthorised access and that the confidentiality of data will be maintained at all times.
The integrity of information will be maintained by safeguarding the accuracy and completeness of information by protecting against unauthorised modification.
The appropriate recording and the control of information is in place to satisfy the statutory requirements of the Data Protection Act 1998.
Regular Risk Assessments will be carried out to assess the Confidentiality, Integrity and availability of Information.
Operating Procedures and Standards are in place to support this policy (including the use of passwords and virus control), these are subject to regular internal audit.
The Operations Manager has direct responsibility for the maintenance of this policy and giving guidance to the business on the implementation of the policy and its associated procedures.
All of Certes Managers are directly responsible for implementing this policy within their own business area including the adherence by their staff.
All actual or suspected breaches of data security will be reported to the Operations Manager and investigated accordingly.
All of Certes staff are personally responsible for the adherence to this Policy.
Richard King
Operations Manager
|
