Cyber security policy
Cyber security policy
The purpose and objective of this Information Security Policy is to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimise business damage and maximise return on investments and business opportunities.
- The Managing Director has approved the Information Security Policy.
- It is the Policy of Kash Global Ltd to ensure that:
- Information will be protected from a loss of: confidentiality, integrity and availability.
- Regulatory and legislative requirements will be met.
- Business continuity plans will be produced, maintained and tested.
- Information security training will be available to all staff.
- All breaches of information security, actual or suspected, will be reported to, and investigated by, the Managing Director.
- Guidance and procedures will be produced to support this policy. These may include information classification, data protection, incident handling, system access, third party services (supplier due diligence), malware controls, mobile device security & remote working, passwords and encryption.
- The Managing Director has direct responsibility for maintaining and reviewing the Information Security Policy.
- All managers are directly responsible for implementing the Information Security Policy within their business areas.
- It is the responsibility of each employee to adhere to the Information Security Policy.
- Information takes many forms and includes data printed or written on paper, stored electronically, transmitted by post or using electronic means, stored on tape or video, spoken in conversation.
- Confidentiality: ensuring that information is accessible only to authorised individuals.
- Integrity: safeguarding the accuracy and completeness of information and processing methods.
- Availability: ensuring that authorised users have access to relevant information when required.
- This includes the requirements of legislation such as the Companies Act, the Data Protection Act, the Computer Misuse Act and the Copyright, Design and Patents Act.
- This will ensure that information and vital services are available to users whenever they need them.