Information Security Policy
Purpose
The purpose of this policy is to protect from all threats, whether internal or external, deliberate or accidental, the information assets of:
- Herald Chase Marketing Limited
- Customers
- Suppliers
- Employees, contractors and agents
Objectives
The implementation of this policy is important to maintain and demonstrate our integrity in our dealing with customers and suppliers.
It is the policy of Herald Chase Marketing Limited to ensure:
- Information is protected against unauthorised access
- Confidentiality of information is maintained
- Information is not disclosed to unauthorized persons through deliberate or careless action
- Integrity of information through protection from unauthorised modification
- Availability of information to authorized users when needed
- Regulatory and legislative requirements will be met
- Business continuity plans are produced, maintained and tested as far as practicable
- Information security training is given to all Employees
- All breaches of information security and suspected weaknesses are reported and investigated
Application
All Herald Chase Marketing Limited personnel and suppliers, employed under contract, who have any involvement with information assets covered by the scope of the Information Security Management System, are responsible for implementing this policy and shall have the support of the Herald Chase Marketing Limited Management who have approved the policy.
Objectives
To identify through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk.
To manage the risks to an acceptable level though the design, implementation and maintenance of a formal Information Security Management System.
To comply with legislation including;
- Companies Act 1985
- Health and Safety Act
- Interception of Communication Act 1985
- The Data Protection Act (2018)
- Copyright, Designs and Patents Act (1988)
- Computer Misuse Act (1990)
- Regulation of Investigatory Powers Act (2000)
- Freedom of Information Act (2000)
- Human Rights Act (2000)
- GDPR Regulations
To comply with any customer contract conditions relating to information security.
Commitment to comply with ISO 27001-2005
Commitment to achieve and maintain certification to ISO27001-2005
Specific Policies
Specific policies exist to support this document including:
- Acceptable Use Policy
- Access Control Policy
- Backup Policy
- Clear Desk Policy
- Information Classification Policy
- IT Asset Management Policy
- Business Continuity Management
Responsibilities
The management of Herald Chase Marketing Limited create and review this policy.
The Information Security Lead facilitates the implementation of this policy through the appropriate standards and procedures.
All employees, contractors and agents follow the procedures to maintain the information security policy.
All employees have a responsibility for reporting security incidents and any identified weaknesses.
Any deliberate act to jeopardise the security of information that is the property of Herald Chase Marketing Limited or their customer or suppliers will be subject to disciplinary and/or legal action as appropriate.
Review
The policy is reviewed bi-annually and in case of influencing changes to ensure it remains appropriate for the business and our ability to serve our customers.
This policy is publicly available to interested external parties upon request.
Contacting Herald Chase about our Information Security Policy
If you have any questions about our Information Security Policy please contact us:
Address
Herald Chase Marketing Limited
Unit 4b Paddock Road
Caversham, Reading
Berkshire, RG4 5BY
UK
T. +44 (0)118 947 4888
E. enquiries@heraldchase.com