Phew Information Security Policy
Phew’s Information Security Management System (ISMS) policy ensures confidentiality, integrity, security and availability of internal, customer and supplier information.
The ISMS is achieved through understanding the risks and opportunities that may impact information within the business and use a number of controls, including policies, processes, procedures, software, and hardware functions to manage these issues.
These controls are continually monitored, reviewed and improved to ensure that specific security and business objectives are met and continual improvements are made to the management system. This is operated in conjunction with other business management processes and incorporates the applicable statutory and contractual requirements.
Objectives have been defined primarily through the SWOT and PESTLE, although some may come from the information security risk assessment and the Management Review; they are designed to drive the management system forward and bring about continual improvement. Objectives will be focused on improving confidentiality, integrity and availability.
The Information Security Management system have been designed to address legislation as listed in the legal register.
Information Security is controlled through the preservation of:
Confidentiality: ensuring that information is accessible only to those authorised to have access;
Integrity: safeguarding the accuracy and completeness of information and processing methods;
Availability: ensuring that authorised users have access to information and associated assets.
Phew operates a programme of information security awareness and compliance through company inductions, training and internal audits.
All employees are empowered to identify any potential security weaknesses and /or incidents and report through the appropriate management channels.
A robust system is in place to continually improve the security controls to:
- Take account of changes to business requirements and priorities;
- Consider new threat and vulnerabilities
- Confirm that controls remain highly effective and appropriate