Information Security Management

About this policy

Resolution Interiors Ltd.’s (RIL’s) investment in the acquisition, storage and use of electronic and paper-based information exists primarily to help provide the effective delivery of its services. This information is held in relation to employees, customers, sub-contractors and suppliers. The nature of information held includes confidential business plans, and it is essential that the availability and confidentiality of accurate relevant information are maintained in a secure and legal environment.

RIL is committed to achieving the policy objectives through an Information Security Management System (ISMS) which will meet or exceed the requirements of ISO 27001.

Policy objectives

The information security objectives are to ensure that the company’s information base is protected so that it may continue to deliver its services to its customers and suppliers and comply with necessary legislation. It also seeks to ensure that any security incidents have a minimal effect on its business and that of other interested parties.

Purpose of the policy

The purpose of this policy is to protect RIL’s information assets from all threats, whether internal or external, deliberate or accidental. This policy is in accordance with RIL’s:

  • Access Control Policy (ACP)
  • Privacy Policy (PP)
  • Business Continuity Plan (BCP)

Aims of the policy

The key aims of the policy are to ensure that:

  • Information is protected from unauthorised access
  • Confidentiality of personal or sensitive information is assured
  • Integrity of information is maintained
  • Information is disposed of in a timely, appropriate and secure manner
  • Legislative requirements, codes of practice and company policy and practices are observed
  • BCPs are produced, maintained and tested
  • Information security training, resources and equipment are available to all employees
  • All employees are made aware of their individual obligations in respect of this Information Security Management Policy
  • Appropriate monitoring and reporting processes are put in place to identify and act upon breaches of information security

In order to achieve this, RIL will develop and maintain information security standards. These will be in accordance with the ISO 27001 Information Security Management System.

Procedures, working practices and protocols will be maintained, as detailed in ISO 27001.

Responsibilities of the policy

RIL’s Executive Team (Exec) are responsible for ensuring the ISM policy is maintained, and that it will achieve these objectives whilst seeking continual improvement in efficacy and performance, based on ‘risk’.

The Senior Management Team (SMT) are responsible for ensuring the correct implementation of this policy and it is the responsibility of individual employees to comply with the procedural directives of the policy.

This policy will be made available to all employees, customers and interested parties.

RIL’s Exec Team will review this policy regularly and any changes necessary as a result of this review will be implemented.