Information and personal data security policy statement
It is the policy of Brookcourt Solutions Limited to provide a secure service to our customers and to comply with the BS/IEC 27001:2013 standard and any applicable legislation.
Brookcourt ensures all information stored and processed by the company, or on behalf of the company, is securely protected against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investments and business opportunities.All types of information; printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation, and the means by which it is shared or stored, is always appropriately protected.We aim to continually improve the effectiveness of our management system and our performance by:
- Reviewing our management system on a regular basis and encouraging employees to review their working practices and suggest methods for improvement where appropriate.
- Implementing specific information security objectives and targets that are regularly monitored, reviewed and reported in our Management Review meetings where the ongoing suitability of this policy is reviewed.
- Confidentiality – ensuring information is accessible only to those authorised to have access
- Integrity – safeguarding the accuracy and completeness of information and processing methods
- Availability – ensuring authorised users have access to information and associated assets when required
Information security objectives are achieved by the implementation of a set of technical, physical and managerial controls, supported by policies, procedures and guidelines.This policy is issued and explained to all employees upon commencement of employment with the company, and is available to all other relevant interested parties. Any revisions will be incorporated when necessary and be brought to the attention of all applicable interested parties.