ISO 27001:2013 INFORMATION SECURITY POLICY STATEMENT
Introduction
The Aspect Contracts Limited Information Security Policy applies to all operations at the Head Office and where applicable on transient work sites.
The Managing Director is committed to sound secure practices in all Company operations. By signing this Information Security Policy, the Managing Director gives the approval to the Integrated Management System described in the Integrated Management System Manual and in supporting Company Processes and delegates the responsibility of the day-to-day compliance to the Group Operations Director.
Aspect Contracts Limited recognises the importance of protecting data/software and hardware and is committed to leading by example in promoting a sensitive, considered approach to its security. Aspect Contracts Limited recognises that its operations are directly impacted by infiltration into the system by unknown parties and have processes in place in preventing these actions.
The Information Security Policy of the Company is –
• To establish and maintain an Information Security Management System which satisfies the requirements of ISO 27001:2013, and any other Client specific quality requirements.
• To consistently provide information security in a manner which will satisfy Client requirements in all respects.
• To implement appropriate actions to address any risks and opportunities associated with internal / external issues, and to meet the needs and expectations of interested parties.
• To ensure all Company personnel are fully competent to conduct their assigned task.
• To strive to continually improve our services provided to Clients, through the use of this Information Security Policy, objectives, performance evaluation including audit results, corrective actions and at Management Review.
• To establish annual Information Security objectives at strategic and operational levels within the Company, which will be measured and reported upon at the management review meeting.
• To maintain documented information as objective evidence to demonstrate compliance with the Information Security Management System.
• To control & continually monitor all projects undertaken.
• To comply as a minimum with all applicable statutory and regulatory requirements.
• To review the Information Security Management System at planned intervals to ensure it is effective and achieving the stated quality policy.
• This IMS Policy Manual is further supported with additional policies and Statement of Applicability
• The Company are very aware of the critical role this accreditation has on the day to day running of the business.
The Managing Director is fully committed to the above and actively encourage a similar commitment by personnel at all levels of the Company.
This Information Security Policy is evaluated as part of the overall review of the Information Security Management System to ensure its stated objectives are met.
By signing this Information Security Policy, the Management Director gives his approval to the Information Security Management System described in this manual and in supporting Company processes.
