Managing Director at Paragonqms Ltd understands the information security needs and expectations of its interested parties both within the organization and from external parties including, amongst others, clients, suppliers, regulatory and Governmental departments.

 

The Company has recognised that the disciplines of confidentiality, integrity and availability of information in information security management are integral parts of its management function and view these as their primary responsibility and fundamental to best business practice. The company also handles a large amount of physical media, the security of which is equally vital to best business practise. 

 

To this end, Paragonqms Ltd has produced this information security policy aligned to the requirements of ISO/IEC 27001: 2013 to ensure that the Company:

 

Complies to all applicable laws and regulations and contractual obligations

Implements Information Security Objectives that consider information security requirements following the results of applicable risk assessments

·         Communicate these Objectives and performance against them to all interested parties

·         Adopt an information security management system comprising a security manual and procedures which provide direction and
          guidance on information security matters relating to employees, customers, suppliers and other interested parties who meet
           its work

·         Work closely with Customers, Business partners and Suppliers in seeking to establish appropriate information security
          standards

·         Adopt a forward-thinking approach on future business decisions, including the continual review of risk evaluation criteria,
          which may impact ion information security

·         Instruct all members of staff in the needs and responsibilities of information security management

·         Constantly strive to meet and where possible exceed its customer’s expectations

·         Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use
           of its management resources to better meet information security requirements

 

Responsibility for upholding this policy is truly company-wide under the authority of the Managing Director who encourages the personal commitment of all staff to address information security as part of their skills.

 

 

 

 

Signed:

 

Position:Managing Director

 

Dated: Jan 2017