Information Security Policy
Policy Statement
Inspectivity is a provider of B2B SaaS solutions that involve the use of confidential information and the processing of client data. Inspectivity keeps its own privileged information secure and is also committed to the protection of all client information.
This Policy mandates that a consistent, risk-based approach is implemented for Information Security to maintain information confidentiality, integrity and availability.
It is the policy of Inspectivity to ensure:
- The IS Policy is an accurate reflection of the business context and considers our strategic direction and all relevant factors both internal and external;
- Information will be protected against unauthorised access while in transit or at rest;
- Confidentiality of information will be maintained;
- Information will not be disclosed to unauthorised persons through deliberate or careless action;
- The integrity of information is maintained through protection from unauthorised modification;
- Information is available to authorised users when needed;
- Information security (IS) training is completed by all Staff;
- All suspected breaches of Information Security will be reported and investigated.
Any individual dealing with information at Inspectivity, no matter what their status (e.g. Employee, Contractor, or Consultant), must comply with the information security policies and related Information Security documents.
Strategies to achieve the aims of this policy include:
- Ensure measurable objectives are established, communicated, monitored and reviewed for effectiveness by the Management Team in the annual Management System Review Meeting. Corrective actions will be taken as required based on deviations from our objectives. Our objectives are agreed upon collectively. Individual teams are then empowered to deliver results, with delegated accountability and decision making;
- Ensure all non-conformances and corrective/preventative actions are documented and reviewed at least quarterly;
- Ensure Information Security is addressed for all projects, regardless of type, by way of risk assessments and objectives;
- Educate Staff to allow them to independently make informed decisions with regard to the secure handling of IT assets and information, within the framework of the total range of information security policies;
- Defend the IT assets and information, both tangible and intangible, that Inspectivity governs, owns, manages, maintains or controls;
- Continually improve the Quality and Information Security Management System Manual (QISMS) through regular monitoring and reviews. Corrective measures shall be determined, allocated and recorded for follow up;
- Comply with legislation and industry best practices including ISO 27001:2015 that apply to Inspectivity.
All personnel have a responsibility to report perceived and actual IS breaches and/or IT incidents either to the Director or to their immediate supervisor. Management and employees are responsible for embedding IS risk management in our core business activities, functions and processes. IS risk awareness and our tolerance for risk are key considerations in our decision-making.