Information Security Management

 About this policy 

Resolution Interiors Ltd.’s (RIL’s) investment in the acquisition, storage and use of electronic and paper-based information exists primarily to help provide the effective delivery of its services. This information is held in relation to employees, clients, subcontractors, and suppliers. The nature of information held includes confidential business plans and it is essential that the availability and confidentiality of accurate relevant information is maintained in a secure and legal environment. 

RIL is committed to achieving the policy objectives through its Business Management System (inclusive of Information Security Management (ISM)), which will meet or exceed the requirements of ISO 27001.  

 

Purpose of the policy 

The purpose of this policy is to protect RIL’s information assets from all threats, whether internal or external, deliberate, or accidental. This policy is in accordance with RIL’s:  

  • Access Control Policy (ACP) 
  • Privacy Policy (PP) 
  • Business Continuity Plan (BCP) 

 

RIL’s Executive Board of Directors (Exec) are committed to: 

  • Satisfying applicable requirements related to information security. 
  • Establishing criteria for security processes and implementing processes according to those criteria. 
  • Continual improvement of the Business Management System (inclusive of ISM).  

 

This information security policy shall: 

  • Be available as documented information.  
  • Be communicated to all employees within the organisation. 
  • Be available to all clients and interested parties, as appropriate. 

 

Policy objectives

The measured information security objectives are: 

  • To increase the reporting of information security incidents & breaches. 
  • To decrease the number of/eliminate information security incidents & breaches. 
  • To improve the regularity of ISM auditing. 

RIL are to ensure that the company’s information base is protected so that it may continue to deliver its services to its clients and suppliers and comply with necessary legislation. It also seeks to ensure that any security incidents have a minimal effect on its business and that of other interested parties. 

 

Adopted policy behaviours  

Other key adopted behaviours of the policy are to ensure that: 

  • Information is protected from unauthorised access. 
  • Confidentiality of personal or sensitive information is assured.  
  • Integrity of information is maintained. 
  • Information is disposed of in a timely, appropriate, and secure manner. 
  • Legislative requirements, codes of practice and company policy and practices are observed. 
  • BCP’s are produced, maintained, and tested. 
  • Information security training, resources and equipment are available to all employees. 
  • All employees are made aware of their individual obligations in respect of this Information Security Management Policy 
  • Appropriate monitoring and reporting processes are put in place to identify and act upon breaches of information security. 
  • In order to achieve this, RIL will develop and maintain an Information Security Management System in accordance with the ISO 27001 standards.  
  • Procedures, working practices and protocols will be maintained, as detailed in ISO 27001. 

 

Responsibilities of the policy 

RIL’s Exec Team are responsible for ensuring the ISM policy is maintained, and that it will achieve these objectives whilst seeking continual improvement in efficacy and performance, based on ‘risk.’  

The Senior Leadership Team (SLT) are responsible for ensuring the correct implementation of this policy and it is the responsibility of individual employees to comply with the procedural directives of the policy. 

RIL’s Exec Team will review this policy regularly and any changes necessary as a result of this review will be implemented.