Quicksilva’s Information Security Management System is certified to ISO27001:2013.
- To protect, at a consistently high standard, the Company information assets from a wide range of threats, whether internal or external in order to ensure business continuity; and
- To minimise the impact of adverse security events on Quicksilva customers, staff and the Organisation.
Business and IT consultancy, software design, development, provision, maintenance and support in compliance with the Statement of Applicability. This Information Security Policy applies to:
- All operations from the Langley Gate premises
- All information assets owned or controlled by Quicksilva
- All Quicksilva people
- All other third parties granted approved access to Quicksilva owned or controlled information assets
The Managing Director
It is the responsibility of the Managing Director to:
- provide direction and support for information security and ensure that employees are aware of their individual responsibilities and receive appropriate training;
- investigate security incidents as per the Security Incident Management Procedure; and
- report any incidents of data loss, corruption, modification, or exposure to Personal Data, including Patient Identifiable Data to the Board immediately.
It is the responsibility of the Quicksilva Management Team to:
- provide the appropriate resources to implement this policy; and
- to ensure that it is properly communicated and understood.
It is the responsibility of all Quicksilva people to:
- ensure that they understand and follow the Information Security Policy, guidance and procedures;
- report security incidents to as per the Security Incident Management Procedure.
Quicksilva is committed to maintaining and improving Information Security and minimising its exposures to risks. A framework of policies, procedures, standards and guidance will be implemented consistent with this Policy. Quicksilva will use all reasonable, cost effective and practical measures to ensure that:
- Information Security risks are identified and assessed to determine the likelihood and probability of an event occurring. Cost effective preventative controls will be implemented for qualified risks;
- Information will be marked to denote the level of sensitivity and protected against unauthorised access and disclosure;
- The confidentiality of information will be assured and disposed of securely and in line with legislative requirements
- The integrity and availability of information will be maintained;
- Critical infrastructure security controls will be regularly assessed;
- Authorised personnel, when required, will have access to relevant business systems, applications and information;
- Business continuity and disaster recovery plans for all critical activities will be produced, tested and maintained;
- Business relationships with third parties will be managed consistently and with sufficient security controls in place to safeguard/protect information and other assets;
- All breaches of security, actual or suspected, will be reported and investigated. Corrective action will be taken and preventative measures will be implemented where applicable;
- Information security training for all staff will take place to ensure an adequate level of awareness;
- Annual assessments and regular audits of information security policy, standards, guidance and procedures will be carried out.
Information Security Management Review
- This Policy will be reviewed when significant changes, affecting the organisation are introduced; and
- Management review of the Information Security Management System (ISMS) will take place at regular intervals and a full review at least annually, to ensure that the ISMS:
- continues to represent Quicksilva’s Information Security Policy and practices;
- continues to improve;
- continues to add value; and
- is updated following audit outcomes.
Interim releases of revised forms or individual procedures may be released at the discretion of the Corporate Assurance Manager.
The Information Security Policy is made available upon request to interested parties.