Introduction
This policy documents Ikon Science’s commitment to information security, continual improvement and satisfying applicable information security requirements of its interested parties such as employees, clients, partners and suppliers.
Information Security Statement
Recognising that the security of information entrusted to us by our clients, employees and partners is of paramount importance, we ensure the confidentiality of that information through policies, processes and controls to provide our stakeholders with the assurance that their information is in safe hands.
Policy
PRINCIPLES
Ikon Science is committed to the development, implementation and maintenance of an Information Security Management System (ISMS) that:
- Provides assurance within the company and to our clients, partners and suppliers that the confidentiality, integrity and availability of their information will be maintained appropriately;
- Manages information security risks to all company and customer information assets;
- Protects the company’s ongoing ability to meet contracted commitments through appropriate Business Continuity Management;
- Bases information security decisions and investments on the risk assessment of relevant information assets considering confidentiality, integrity and availability;
- Considers business and legal or regulatory requirements and contractual security obligations;
- Maintains awareness among all employees so that they can identify and fulfil contractual, legislative and company-specific security management responsibilities;
- Minimises the business impact of, and deals effectively with, security weaknesses and incidents;
- Meets the requirements of any other interested parties not already specified;
- Complements and complies with existing management systems within Ikon.
THE POLICY IN OPERATION
This policy is supported by the following objectives:
- Implementation of a company-wide Information Security Management System that is fully compliant with and independently certified to the ISO 27001 international standard for information security;
- Implementation of an Information Security Risk Assessment Process that assesses the business harm likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities and controls currently in place;
- Development and implementation of a Business Continuity Plan to counteract disruptions to business activities and to protect critical business processes from the effects of major failures or disasters;
- Defined physical and logical access controls to prevent unauthorised access to, damage to and interference with business premises and information;
- A senior management team that supports the continual review and improvement of the Information Security Management System and its components;
- Information security awareness guidance for all company employees;
- General policies and processes for the protection of corporate information as well as employee, client and supplier information;
- Implementation of incident management and escalation procedures for reporting and investigating information security incidents for review and action.