Information Security Policy
The Board of Directors and management of M Integrated Solutions PLC located at Home House 10 Church Street Isleworth TW7 6DA, which Operates in the Public/Private Sector and is a creative Agency and Live events Business are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organisation.
It is the core objective of M-IS PLC to ensure that:
Information should be made available with minimal disruption to staff as required by M-IS PLC business processes;
The Confidentiality, integrity and availability of this information will be maintained;
Confidentiality, integrity and availability of information not limited to research, third parties, personal and electronic communications data will be assured;
Legislative/Contractual requirements will be met;
M-IS PLC will adopt Business Continuity processes to counteract interruptions to M-IS business activities and to protect critical business processes from the effects of major failures or disasters;
All breaches of information security, actual or suspected, will be reported in accordance with M-IS Technology best practice guidelines document;
Appropriate control will be maintained and M-IS PLC information assets are protected against unauthorised access, which can include physical, technical, procedural and environmental measures.
All M-IS PLC employees and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in M-IS PLC policies and procedures, as relevant for their job function.
The M-IS ISMS will be reviewed annually and will always be the subject of continual improvement and maturity of controls.
In addition, the M-IS PLC ISMS Policy will provide management direction to M-IS PLC Users and demonstrate management’s active involvement in supporting the policies and procedures that will be required to protect M-IS PLC information assets (as defined in the M-IS ISO 27001 ISMS Scope).
In order to preserve its competitive edge, cash-flow, profitability, legal, and contractual obligations and commercial image. Information and information security requirements will continue to be aligned with M Integrated Solutions’s goals and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations, and for reducing information-related risks to acceptable levels.
M Integrated Solutions’s PLC current risk management framework along with interested parties provides the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an ISMS. The Risk Assessment, Statement of Applicability and Risk Treatment Plan identify how information-related risks are controlled. The Information Security Manager is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.
In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are contained in the Manual and are supported by specific documented policies and procedures.
M Integrated Solutions PLC aims to achieve specific, defined information security objectives, which are developed in accordance with the business objectives, the context of the organisation, the results of risk assessments and the risk treatment plan.
All Employees/Independent Professionals of M Integrated Solutions PLC and certain external parties identified in the ISMS are expected to comply with this policy and with the ISMS, that implements this policy. All Employees/Independent professional’s and certain external parties will receive appropriate training. The consequences of breaching the information security policy are set out in the Organization’s disciplinary policy and in contracts and agreements with third parties.
The ISMS is subject to continuous, systematic review and improvement.
M Integrated Solutions PLC has established the Information Governance Group , chaired by the Information Security Manager Senior members from each department and other senior management to support the ISMS framework and to periodically review the security policy and to contribute to its continual improvement.
M Integrated Solutions is committed to achieving and maintaining certification of its ISMS to ISO27001:2013.
This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan at least annually.
In this policy, ‘information security’ is defined as: Preserving This means that management, all full time or part time Employees/Independent Professional’s, sub-contractors, project consultants and any external parties have, and will be made aware of, their responsibilities (which are defined in their job descriptions or contracts) to preserve information security, to report security breaches (in line with the policy and procedures identified in Section 16 of the ISMS Manual) and to act in accordance with the requirements of the ISMS. All Employees/Independent Professional’s will receive information security awareness training. Confidentiality This involves ensuring that information is only accessible to those authorised to access it and therefore to preventing both deliberate and accidental unauthorised access to M Integrated Solutions’s PLC information and its systems including its network, website. Integrity This involves safeguarding the accuracy and completeness of information and processing methods, and therefore requires preventing deliberate or accidental, partial or complete, destruction or unauthorised modification, of either physical assets or electronic data. M Integrated Solutions PLC must comply with all relevant data-related legislation in those jurisdictions within which it operates. The company shall obey all matters relating to the data protection act and will keep backup copies of all data that it processes. Availability This means that information and associated assets should be accessible to authorised users when required and therefore physically secure. The MASADC Infrastructure must be resilient and M Integrated Solutions PLC must be able to detect and mitigate any incidents or breaches of the system (such as viruses and other malware) that threaten the continued availability of assets, systems and information. There must be appropriate business continuity plans Physical assets The physical assets of M Integrated Solutions PLC including, but not limited to, computer hardware, data cabling, telephone systems and smartphones. Information assets The information assets include information printed or written on paper, transmitted by post or shown in films, or spoken in conversation, as well as information stored electronically on servers, websites, PCs, laptops, mobile phones and PDAs, as well as on CD ROMs, USB sticks, and any other digital or magnetic media, and information transmitted electronically by any means such as FTP. In this context, ‘data’ also includes the sets of instructions that tell the system(s) how to manipulate information (i.e. the software: operating systems, applications, utilities, etc).