This Policy sets out Xynomix (the organisation) strategic commitment to information security management. It is the policy of the organisation to ensure the confidentiality, integrity and availability of information owned by both the organisation and clients is maintained to:
Information security management shall be treated as an integral part of management activities and will be pursued in the same manner and with the same vigour as other managerial objectives.
Xynomix is committed to:
The Managing Director, with support from the organisations Directors has overall responsibility and authority to ensure that this Policy is effectively implemented and delivered. All internal personnel and suppliers are required to play an active role in the protection of the organisations assets and treat information security appropriately in order that this purpose can be achieved.
To support this Policy, subject specific policies and supporting procedures will be produced in response to changes in risks faced by the organisation, legislation, regulation, contractual obligations, and operational working practices.
Information security objectives, which are aligned with the organisations strategic business objectives, are agreed on an annual basis, supported by a set of key performance indicators (KPIs) and are monitored by the Managing Director.
The organisation recognises the need for continual improvement. The information security management system will be constantly reviewed and any changes are communicated to all relevant employees and interested parties.
Failure to comply with this policy, subject specific policies and supporting procedures, may result in disciplinary action being taken.
This Policy and the organisations performance in meeting its requirements will be monitored and reviewed by the Board as a minimum, on an annual basis.