Green Duck have established an Information Security Policy, which supports the strategic aims of the company, and is committed to maintaining and improving information security, and minimising exposure to risks.
It is our policy[i] to:
- Ensure the confidentiality of corporate and client information
- Protect sensitive information against unauthorised access
- Maintain the integrity of all information
- Ensure the availability of information, as required
- Provide information security training for all staff
- Ensure that the expectations and requirements of all interested parties, in relation to Information Security, are met
- Make information available for authorised business processes and employees when required
- Meet all regulatory and legislative requirements
- Produce business continuity plans for business activities that are regularly maintained and tested
- Ensure that all breaches of information security, actual or suspected, will be reported to and investigated by Green Duck security personnel and opportunities for improvement will be identified and acted upon
- Comply with the requirements of ISO 27001[ii] for information security
- Communicate this policy statement to the public, through our website and on request[iii]
[i] The policy is dynamic and includes a commitment to continual improvement through a process of incident reporting, risk assessment and regular audits.
[ii] It complements the established ISO 9001 and ISO 14001 Management Systems and provides a framework for establishing and reviewing security objectives.
[iii] Green Duck Management are responsible for communicating the company’s Information Security Policy and making sure it is understood at all levels.