Information Security Policy

Our INFORMATION SECURITY POLICY

1. Policy Objective
   • To protect the information assets that Standing on Giants handles, stores, exchanges, processes and has access to, and to ensure the ongoing maintenance of their confidentiality, integrity and availability.
   • To ensure controls are implemented that protect information assets and are proportionate to their value and the threats to which they are exposed.
   • To ensure the organisation complies with all relevant legal, customer and other third-party requirements relating to information security.
   • To continually improve the organisation’s Information Security Management System (ISMS) and its ability to withstand threats that could potentially compromise information security.

2. Scope
   1. This policy and its sub-policies apply to all people, processes, services, technology and assets detailed in the Scope.  It also applies to all employees or subcontractors of information security critical suppliers who access or process any of the organisation’s information assets.

3. Core Policy
   • The organisation believes that despite the presence of threats to the security of such information, all security incidents are preventable.
   • The Directors of Standing on Giants are committed to achieving the objectives detailed in the policy through the following means:
     • The implementation and maintenance of an ISMS that is independently certified as compliant with ISO 27001:2017;
     • The systematic identification of security threats and the application of a risk assessment procedure that will identify and implement appropriate control measures;
     • Regular monitoring of security threats and the testing/auditing of the effectiveness of control measures;
     • The maintenance of a risk treatment plan that is focused on eliminating or reducing security threats;
     • The maintenance and regular testing of a Business Continuity Plan;
     • The clear definition of responsibilities for implementing the ISMS;
     • The provision of appropriate information, instruction and training so that all employees are aware of their responsibilities and legal duties, and can support the implementation of the ISMS;
     • The implementation and maintenance of the sub-policies are detailed in this policy.
   •  The appropriateness and effectiveness of this policy and the means identified within it, for delivering the organisation’s commitments will be regularly reviewed by Top Management.
   • The implementation of this policy and the supporting sub-policies and procedures is fundamental to the success of the organisation’s business and must be supported by all employees and contractors who have an impact on information security as an integral part of their daily work.
   •  All information security incidents must be reported to the Head of Solutions.  Violations of this policy may be subject to the organisation’s Disciplinary Policy and Procedure.

4. Sub Policy Index

• Responsibilities
• Definitions
• Associated Documents
• Acceptable Use of Assets Policy
• Access Control Policy
• Backup Policy
• Clear Desk and Clear Screen Policy
• Communication Policy
• Cryptographic Controls Policy
• Information Classification, Labelling and Handling Policy
• Mobile Devices Policy
• Protection from Malware Policy
• Protection of Personal Information Policy
• Suppliers Policy
• Teleworking Policy
• Use of Software Policy
• Policy Review

View our full Information Security Policy