Information Security Policy

Information Security Policy

Agile Project Software Co has produced this Information Security Policy in order to demonstrate our commitment to respecting the security of the information we collect and process. The policy below outlines our processes and the management of such information.

Scope
Management direction and support for information security in accordance with business requirements and relevant laws and regulations.

Purpose
The overall purpose of this policy is to protect from all threats, whether internal or external, deliberate or accidental, the information assets of Agile Project Software Co and its clients. The Company is committed to ensuring the security and integrity of all data.
This policy has been designed to emphasise the importance that Agile Project Software Co places upon the security of its own property, client property, confidential information and electronic systems.
This policy is also designed to protect the Company’s electronic security systems and therefore to ensure the security of its computer equipment, software and physical property including its premises and property held by third parties who hold property belonging to Agile Project Software Co.  It covers all aspects of the Company’s security or electronic equipment that it is designed to protect including, but not limited to, entry codes, electronic codes, keys and alarm systems as well as the Company’s computer equipment, and networks.

Responsibilities
The Directors are responsible overall for approving and authorising the issue of the Information Security Policy and identifying opportunities for continuous improvements.
The Information Security Manager is responsible for informing the Directors of any changes required and identifying opportunities for continuous improvement to the Information Management System.  The Information Security Manager ensures that the most recent version of the policy is distributed and made available to all staff and external interested parties, as required.
All personnel are expected to take all reasonable steps to protect confidential data and comply with the Company’s Information Security Management System. All personnel should take reasonable steps to ensure the safety and security of data.  This includes, but is not limited to specific steps in the following areas: –

Objectives
The implementation of this policy is important to maintain and demonstrate our integrity in our dealings with customers and suppliers.
Agile Project Software Co has identified overall Information Security Company objectives which include:

Applicability
All Agile Project Software Co. personnel and suppliers including third parties, employed under a contract or who have any involvement with information assets covered by the scope of the Information Security Management System, are responsible for implementing this policy and shall have the support of the Directors, who have approved this policy.

Goals
To identify through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk. To manage the risks to an acceptable level through the design, implementation and maintenance of a formal Information Security Management System and in order to provide the highest levels of service, Agile Project Software Co operates an Information Security Management system which is compliant with BS ISO/IEC 27001:2013 (ISMS). Our ISMS Scope and procedures are Internally Audited and Risk Assessed to ensure continued conformance and results are reviewed and evaluated regularly by the Management Meeting.

Legal and Other Requirements
We comply with all aspects of information security, legal and other requirements.
This policy and supporting policies apply to all information held in both manual and electronic form, as required and are communicated to all employees and relevant external parties.  All personnel have a responsibility for reporting security incidents and any identified weaknesses/incidents.
The policy has been approved by the Directors and is reviewed annually or sooner should a significant change occur in order to ensure its continuing suitability, adequacy and effectiveness.