Information Security Policy
The purpose of this document is to define the role that Digital Dragons IT’s Director takes in ensuring commitment to information security, the development and propagation of this policy, and the assignment of appropriate information security roles, responsibilities and authorities to protect Digital Dragons IT’s assets from all relevant threats, whether internal or external, deliberate or accidental.
Digital Dragons IT, which provides IT Support and services, is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets (information assets include data or other knowledge stored in any format on any system that has value to an organisation, and should be logged) throughout the organisation in order to compete in the marketplace and maintain its legal, regulatory and contractual compliance and commercial image.
- Roles and responsibilities
- The Director is responsible for setting and approving the Information Security Policy.
- The Director is responsible for ensuring that roles, responsibilities and authorities are appropriately assigned, maintained and updated as necessary.
- All employees and third parties working with Digital Dragons IT are responsible for adhering to the requirements of the Information Security Policy and for fulfilling any duties related to assigned roles, responsibilities or authorities.
- Policy objectives
It is the policy of Digital Dragons IT that:
- Information is made available to all authorised parties with minimal disruption to the business processes. Information is shared securely and only with others who need access.
- The integrity of this information is maintained at all times and updated as required.
- The confidentiality of information is preserved. Please ensure that information is securely saved within Digital Dragons IT Systems and is not shared with others who don’t need access.
- The organisation ensures compliance with all legislation, regulations and codes of practice, and all other requirements applicable to its activities.
- Appropriate information security objectives are defined and, where practicable, measured using the SMART (Specific, Measurable, Achievable, Realistic and Timed) principles. Objectives are planned and documented, inclusive of how each is to be achieved and actions required. Subsequently, the objectives are regularly monitored and reviewed.
- Appropriate business continuity arrangements are in place to counteract interruptions to business activities and these take account of information security. We ensure that daily offsite backups are performed so that data is recoverable in the event of a disaster.
- Appropriate information security education, awareness and training are available to staff and relevant others working on the organisation’s behalf. All machines accessing our systems should be free of viruses, malware, keyloggers and similar threats. All devices should be using an up-to-date security program. You should be wary of any links in emails and of any emails purporting to be from clients requesting access to systems. All such requests should be manually checked by phoning the client's management to confirm the request.
- Breaches of information security or security incidents, actual or suspected, are reported and investigated through appropriate processes. Please contact James Fouracre, the ICO Officer for Digital Dragons IT, who will look into it.
- Appropriate access control is maintained and information is protected against unauthorised access. Ensure that access is only granted to those who need access at the time.
- The organisation maintains a management system that will achieve its objectives and seeks continual improvement in the effectiveness and performance of the management system based on risk.
- The organisation maintains awareness for continual improvement, and the ISMS is regularly reviewed at planned intervals by the senior management team to ensure it remains appropriate and suitable for the business.
This policy is approved by senior management and is reviewed at regular intervals or upon significant change.
This policy is communicated to all staff within Digital Dragons IT and is available to customers, suppliers, stakeholders and other interested parties upon request.
James Fouracre is the owner of this document and is responsible for ensuring that this procedure is reviewed.
A current version of this document is available to all members of staff on the company website and is published at https://digitaldragons.co.uk/information-security. This policy was approved by the Director and is issued on a version-controlled basis.
Signature: James Fouracre Date: 25.05.2022
Change history record
Description of change
Date of change