The purpose of the policy is to protect all information assets of Meark and its clients from all threats, whether internal or external, deliberate or accidental.
It is the policy of Meark to ensure that:
- Information will be protected against unauthorised access
- Confidentiality of information will be assured
- Integrity of information will be maintained
- Regulatory and legislative requirements will be met
- Information Security Training will be provided
- All breaches of Information Security, actual or suspected, will be reported and investigated
- Business continuity plans are developed, maintained and tested.
- Risks are mitigated to an acceptable level through a risk management framework.
- Business requirements for the availability of information and information systems will be met.
- The Chief Information Officer has direct responsibility for maintaining the policy and providing advice and guidance on its implementation.
- All managers are directly responsible for implementing the policy within their business areas, and for adherence by their staff.
- It is the responsibility of each associate to adhere to the Information Security Management System policy.
- The information security management system is continually improved.