dotdigital Information Security
Policy – February 2020
AIM & PURPOSE |
We have defined our commitment to protecting information with our Information Security Management System (ISMS); which ensures confidentiality, integrity, and availability of internal, customer and supplier information. The ISMS has been designed to address the legal requirements identified and listed in our Legislation Reregister. |
Our ISMS effectiveness is achieved through understanding the risks and opportunities that may impact information within our business, and by using a number of controls including policies, processes, procedures, software, and hardware functions, and by managing these in ways that stakeholders would expect, and that continue to drive future benefit to our business. |
These controls are continually monitored, reviewed and improved to ensure that specific security and business objectives are met. This is operated in conjunction with other business management processes and incorporates the applicable statutory and contractual requirements. |
Objectives have been defined primarily through the SWOT and PESTLE, although some may come from the information security risk assessment and the Management Review; they are designed to drive the management system forward and bring about continual improvement. Objectives will be focused on improving Information Security controls. |
Information Security is controlled through the preservation of: |
CONFIDENTIALITY: | ensuring that information is accessible only to those authorised to have access; | ![]() |
INTEGRITY: | safeguarding the accuracy and completeness of information and processing methods; | |
AVAILABILITY: | ensuring that authorised users have access to information and associated assets. |
We operate a programme of information security awareness and compliance through company inductions, training and internal audits. |
All our employees are empowered to identify any potential security weaknesses and/or events which could be Information Security Incidents and report through the appropriate management channels. |
A robust system is in place to continually improve the security controls by: |
|
The overall intent of our management system is to give customers and all other interested parties confidence in our ability to protect all information held and processed by our business. |