Quicksilva’s Information Security Management System is certified to ISO27001:2013.

Information Security

xUKAS-Colour-Certification.jpg.pagespeed.ic.X3FxEopMps

Objectives

To protect, at a consistently high standard, the Company information assets from a wide range of threats, whether internal or external in order to ensure business continuity; and
To minimise the impact of adverse security events on Quicksilva customers, staff and the Organisation.

Scope

Business and IT consultancy, software design, development, provision, maintenance and support in compliance with the Statement of Applicability version 5.0. This Information Security Policy applies to:

All operations from the Langley Gate premises
All information assets owned or controlled by Quicksilva
All Quicksilva people
All other third parties granted approved access to Quicksilva owned or controlled information assets

Authorised By

Operations Director

Responsibilities

It is the responsibility of the Operations Director to:

provide direction and support for information security and ensure that employees are aware of their individual responsibilities and receive appropriate training;
investigate security incidents as per the Security Incident Management Procedure; and
report any incidents of data loss, corruption, modification, or exposure to Personal Data, including Patient Identifiable Data to the Board immediately.

It is the responsibility of the Quicksilva Management Team to:

provide the appropriate resources to implement this policy; and
to ensure that it is properly communicated and understood.

It is the responsibility of all Quicksilva people to:

ensure that they understand and follow the Information Security Policy, guidance and procedures;
report security incidents to as per the Security Incident Management Procedure.

Policy Statement

Quicksilva is committed to maintaining and improving Information Security and minimising its exposures to risks. A framework of policies, procedures, standards and guidance will be implemented consistent with this Policy. Quicksilva will use all reasonable, cost effective and practical measures to ensure that:

Information Security risks are identified and assessed to determine the likelihood and probability of an event occurring. Cost effective preventative controls will be implemented for qualified risks;
Information will be marked to denote the level of sensitivity and protected against unauthorised access and disclosure;
The confidentiality of information will be assured and disposed of securely and in line with legislative requirements
The integrity and availability of information will be maintained;
Critical infrastructure security controls will be regularly assessed;
Authorised personnel, when required, will have access to relevant business systems, applications and information;
Business continuity and disaster recovery plans for all critical activities will be produced, tested and maintained;
Business relationships with third parties will be managed consistently and with sufficient security controls in place to safeguard/protect information and other assets;
All breaches of security, actual or suspected, will be reported and investigated. Corrective action will be taken and preventative measures will be implemented where applicable;
Information security training for all staff will take place to ensure an adequate level of awareness;
Annual assessments and regular audits of information security policy, standards, guidance and procedures will be carried out.

Information Security Management Review

This Policy will be reviewed when significant changes, affecting the organisation are introduced; and
Management review of the Information Security Management System (ISMS) will take place at regular intervals and a full review at least annually, to ensure that the ISMS:
- continues to represent Quicksilva’s Information Security Policy and practices;
- continues to improve;
- continues to add value; and
- is updated following audit outcomes.

Interim releases of revised forms or individual procedures may be released at the discretion of the Corporate Assurance Manager.

A hard copy of the current Information Security Policy will be signed by the Managing Director and displayed in a prominent position in the office.

The Information Security Policy is made available upon request to interested parties.

Version: 7.3

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.