Management will put in place an information security policy statement appropriate to the needs of Covernet and its customers, which includes a commitment to continual improvement. The statement will be reviewed for continuing suitability and will be communicated, understood and implemented throughout Covernet.
The purpose of this information security policy is to provide requirements and controls for the protection of Covernet’s information resources, including networks, software applications, hardware and the information stored on those resources.
The aim of the information security policy is to preserve:-
The Integrated Management System will be established against the requirements of ISO27001:2013 and will be used to identify, assess and control the risks associated with information security. The overall objective is to continually improve the information security controls within Covernet. The Management Team will regularly set, evaluate, review and measure the results of identified enhancements to information security controls within a defined framework for doing so.
Whilst the Management Team retain overall responsibility for information security, all employees are responsible for ensuring that best practice is implemented at all times and for complying with the requirements of the Integrated Management System.
This policy will be subject to regular review in order to ensure that it continues to reflect the requirements of Covernet.