Information Security Management
Management Statement
Compliance with the GMI Information Security Policy is mandatory at all times for all staff.
All managers are directly responsible for the implementation, management and monitoring of adherence to the policy for their departments.
Policy
This policies’ aim is to protect GMI’s information assets against external and internal threats, whether accidental or deliberate in nature.
This Information Security Policy is endorsed by the managing director and senior management team.
This Policy ensures that:
- Confidentiality of information is assured.
- Integrity of information is always maintained.
- Availability of information for relevant business processes will be maintained.
- Information will be protected from unauthorised access.
- All regulatory and legislative requirements will be met.
- Information security training is provided for all employees.
- All suspected or actual security breaches will be reported, and the Information Security Manager will investigate.
- Business Continuity plans are in place.
- Information Security Objectives are in place
- The ISMS will be continually improved, and this will be driven by senior management.
The Information Security Manager is responsible for maintaining this policy.
It is communicated to all staff on behalf of the senior management by the Operations Director.
At all times, business needs for information and systems will be maintained.
This policy forms a part of the business ISO 27001 Management System and is available to all interested parties as appropriate (note g).
Management Endorsement
This policy applies to all employees, regardless of contractual status. It will be used as part of continual improvement initiatives in the business.