ISMS policy statement
This information security management system (ISMS) policy describes the company’s corporate approach to Information Security and details how we address our responsibilities in relation to this vital area of our business. As a company we are committed to satisfying applicable requirements related to information security and to the continual improvement of the ISMS.
Information Security is the responsibility of all members of staff, not just the senior management team, and as such all staff should retain an awareness of the policy and its contents and demonstrate a practical application of the key objectives where appropriate in their daily duties. Our ISMS objectives are set out by the Information Security Officer and are then disseminated to each department/project for incorporation into their management roles. Each department is responsible for delivering its objectives. Yard’s Quality Objectives are as follows:
Objective 1: Existing services - Yard will continue to deliver its services to clients within a secure environment and protect any and all data with which it is entrusted.
Objective 2: Development - Yard will conduct annual risk assessments to ensure that risk to information in the care of Yard is minimised or eliminated.
Objective 3: GDPR - Yard will operate its services assuring adherence to GDPR for both Yard’s customer data and client customer data.
Objective 4: Maintain ISO27001 certification.
We also make the details of our policy known to all other interested parties, including external parties where appropriate, and determine the need for communication relevant to the information security management system and the methods by which it is carried out. These parties include, but are not limited to, customers and clients, and their requirements are documented in contracts, purchase orders, specifications, etc.
Compliance with the policy will be verified by a continuous programme of internal and external audits.
Signed: Paul Newbury
Chief Data Officer & DPO
Last Edit: 16/10/2024
Version 1.5