CTRLDOC
Information Security Statement
Information Security Statement
Ctrldoc’s management is committed to providing continuous support to achieve its Information Security Management System (ISMS) objectives and strives to develop and implement relevant and viable information security policies, procedures and controls, ensuring that:
- Information security continuity is part of the Business Continuity Plan to counteract interruptions to business activities and to protect critical business processes from the effects of major information failures or disasters.
- Information security risks are managed proactively by conducting regular risk assessments and implementing cost-effective controls to mitigate unacceptable risks identified.
- The confidentiality of information is assured, and the integrity of information is maintained.
- The availability of information and information systems is met, as required by its core and supporting business operations.
- Appropriate access control is maintained, and information is protected against unauthorised access.
- All exploits and vulnerabilities are remediated as soon as possible.
- Information security education, awareness, and training is available to Ctrldoc staff and a requirement of their employment.
- Information security incidents are promptly handled through an efficient incident management process.
- All breaches of information security, actual or suspected, will be reported to and investigated by the relevant internal teams and authorities where mandated.
- Acceptable legal and contractual requirements are met.
- Continuous proactive information security improvements are conducted with regular internal audits and management reviews.
This Statement is available to all staff and to any interested parties, as part of Ctrldoc’s commitment to its information security.
