Managing Director at Paragonqms Ltd understands the information security needs and expectations of its interested parties both within the organization and from external parties including, amongst others, clients, suppliers, regulatory and Governmental departments.
The Company has recognised that the disciplines of confidentiality, integrity and availability of information in information security management are integral parts of its management function and view these as their primary responsibility and fundamental to best business practice. The company also handles a large amount of physical media, the security of which is equally vital to best business practise.
To this end, Paragonqms Ltd has produced this information security policy aligned to the requirements of ISO/IEC 27001: 2013 to ensure that the Company:
Complies to all applicable laws and regulations and contractual obligations
Implements Information Security Objectives that consider information security requirements following the results of applicable risk assessments
· Communicate these Objectives and performance against them to all interested parties
· Adopt an information security management system comprising a security manual and procedures which provide direction and
guidance on information security matters relating to employees, customers, suppliers and other interested parties who meet
· Work closely with Customers, Business partners and Suppliers in seeking to establish appropriate information security
· Adopt a forward-thinking approach on future business decisions, including the continual review of risk evaluation criteria,
which may impact ion information security
· Instruct all members of staff in the needs and responsibilities of information security management
· Constantly strive to meet and where possible exceed its customer’s expectations
· Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use
of its management resources to better meet information security requirements
Responsibility for upholding this policy is truly company-wide under the authority of the Managing Director who encourages the personal commitment of all staff to address information security as part of their skills.
Dated: Jan 2017