ISMS Policy
Date: 01/01/2023
The IMIS Policy of Concept Management Consultants Ltd is to determine, agree & conform to our Client’s needs & expectations, whilst fulfilling the requirements of ISO 27001 and statutory law.
Concept Management Consultants Ltd recognises that to be competitive & maintain good economic performance in the equipment and data cleansing/destruction services industry we must employ management systems that continually improve the Information Security of our products & services that in turn increases the satisfaction of our clients, employees, shareholders, suppliers & society at large.
The key objectives of 27001 is that the Management System provides: –
- Concept Management Consultants Ltd incorporating senior representatives from all Concept Management Consultants Ltd departments, is charged with the management and approval functions associated with the ISMS.
- The Concept Management Consultants Ltd is charged with establishing and continually improving the ISMS.
- The Concept Management Consultants Ltd will provide the framework for setting objectives and establishing an overall sense of direction of principles for action with regard to security.
- The ISMS will take into account business and legal or regulatory requirements and contractual security obligations.
- The approach to information security will be based on risk, as per the ISO 27001 standard and best practice.
- The ISMS procedures will establish risk evaluation criteria that are aligned with the current Concept Management Consultants Ltd approved corporate strategic risk management procedures and policies.
- The creation of the ISMS will include listing all information assets and the security risks that may arise for each. The resultant information will inform Concept Management Consultants Ltd of prospective mitigation priorities.
- This ISMS policy covers all policies and procedures material to security including those listed in appendices A-B of the ICT Security Policy.
- The Concept Management Consultants Ltd will periodically review Concept Management Consultants Ltd current practices, policies and guidance to recommend any changes or improvements to ensure we apply appropriate security measures.
- We are conscious that the motivation of our employees is dependent on their training and understanding of the tasks they are expected to perform. It is part of our on-going training programme that this policy is communicated and understood at appropriate levels in the Company.
Information Security is the responsibility of all employees of the company.
Reviewed 30th June 2023