Cyber Security Policy
The purpose and objective of this Information Security Policy is to protect the company’s information assets (note 1) from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimise business damage and maximise return on investments and business opportunities.
- The Managing Director has approved the Information Security Policy.
- It is the Policy of Bath Translations to ensure that:
- Information will be protected from a loss of: confidentiality (note 2), integrity (note 3) and availability (note 4).
- Regulatory and legislative requirements will be met (note 5).
- Business continuity plans will be produced, maintained and tested (note 6).
- Information security training will be available to all staff.
- All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager.
- Guidance and procedures will be produced to support this policy. These may include risk assessment, information classification, data protection, credit card handling (PCI), incident handling, information backup, system access, third party services (supplier due diligence), malware controls, mobile device security & remote working, passwords and encryption.
- The role and responsibility of the designated Information Security Manager (note 7) is to manage information security and to provide advice and guidance on implementation of the Information Security Policy.
- The designated owner of the Information Security Policy, Julia Tuff has direct responsibility for maintaining and reviewing the Information Security Policy.
- All managers are directly responsible for implementing the Information Security Policy within their business areas.
- It is the responsibility of each employee to adhere to the Information Security Policy.
- Information takes many forms and includes data printed or written on paper, stored electronically, transmitted by post or using electronic means, stored on tape or video, spoken in conversation.
- Confidentiality: ensuring that information is accessible only to authorised individuals.
- Integrity: safeguarding the accuracy and completeness of information and processing methods.
- Availability: ensuring that authorised users have access to relevant information when required.
- This includes the requirements of legislation such as the Companies Act, the Data Protection Act, the Computer Misuse Act and the Copyright, Design and Patents Act.
- This will ensure that information and vital services are available to users whenever they need them.
- Depending on the size and nature of the business this may be a part or full-time role for the nominated person.