Quicksilva Gardens

Quicksilva Information Security Policy

Objectives

To protect, to a consistently high standard, the Company information assets from a wide range of threats, whether internal or external in order to ensure business continuity and minimise the impact of adverse events on Quicksilva clients, staff and the Organisation.

Scope

Business and IT consultancy, software design, development, provision, maintenance and support in compliance with the Statement of Applicability version 02.

This information policy applies to:

  • All operations from the Langley Gate premises
  • All information assets owned or controlled by Quicksilva
  • All Quicksilva employees
  • All other personnel granted approved access to Quicksilva owned or controlled information assets

Approvals

All changes to this policy shall be approved by the Managing Director

Responsibilities

It is the responsibility of the Information Security Manager to provide direction and support for information security and ensure that employees are aware of their individual responsibilities and receive appropriate training

It is the responsibility of the Quicksilva Management Team to provide the appropriate resources are provided to implement this policy and to ensure that it is properly communicated and understood.

It is the responsibly of all Quicksilva employees to ensure that they understand and follow the Information Security Policy, guidance and procedures.

Policy Statement

Quicksilva is committed to maintaining and improving information security and minimising its exposures to risks. It is the policy of Quicksilva to use all reasonable, cost effective and practical measures to ensure that:

  • Information risks will be assessed and cost effective controls implemented
  • Information will be protected against unauthorised access and disclosure
  • The confidentiality of information will be assured
  • The integrity of information will be maintained
  • Authorised personnel, when required, will have access to relevant business systems, applications and information
  • Business continuity and disaster recovery plans for all critical activities will be produced, tested and maintained
  • Access to information and information processing facilities by third parties will be strictly controlled
  • All breaches of information security, actual or suspected, will be reported and investigated. Corrective action will be taken
  • Information security training will be available to all staff
  • Annual assessments and audit of information security policy, standards, guidance and procedures will be carried out
  • The policy will be reviewed when significant changes, affecting the organisation are introduced
  • An Information Security framework of policies, procedures and guidance will be implemented consistent with this policy