Information Security Policy

Information Security Policy

A safe and secure working environment is fundamental to business success and we seek to protect our personnel, physical assets, information, company and customers’ reputation from harm.

Purpose:

This document outlines ByBox’s commitment to information security. It outlines our approach, implementation of the Information Security Management System (ISMS) and how this is verified by external certification to ISO 27001:2013 standard.

Implementation – We will:

Identify and regularly assess security threats to business operations and manage associated risks.

  • Define and implement specific controls and procedures to ensure the confidentiality, availability and integrity of all forms of business and personal data.
  • Develop and maintain effective Security Management processes to mitigate or minimise identified risks by the use of proactive and cost effective measures and procedures.
  • Protect all company assets, including personnel, corporate reputation, business information and systems, physical property and key business processes from harm.
  • Record, analyse and investigate all reported security incidents and irregularities to develop improvements to prevent their recurrence.
  • Consider security in all aspects of business operations and planning.
  • Expect a positive commitment to security by all levels of management and provide sufficient resources commensurate with the assessed risks.
  • Conduct security operations in compliance with ByBox’s business principles, national legal requirements and international standards. Where practical we will improve on the performance standards specified.
  • Produce and test response, contingency and business interruption plans to cover all foreseeable events to minimise the impact of any incident or emergency and train personnel in their effective and efficient implementation.
  • Introduce and maintain active programmes to develop security awareness and responsibility among all employees and contractors.
  • Ensure compliance with this policy through a process of education, training, review and audit.

This Security Policy will be made available to employees, customers, suppliers and the public.

Click here for a copy of this policy.