Information Security Policy

 

  • Introduction

 

 

The management of Novative is fully committed to the effective management of information security and the protection of the confidentiality, integrity and availability of all information assets and related and supporting assets.

The company maintains an Information Security Management System (ISMS) based upon, and compliant with, the ISO 27001:2013 Information Security Management Systems standard.

    1. Scope

 

This policy applies to all information assets and business activities and to all employees, consultants, associates and third parties.

 

    1. Information Security Objectives

 

The security of information, in terms of confidentiality, integrity and availability, is recognised as critical to the operation and administration of Novative and to the ongoing growth of the company.

Novative has developed the following high-level information security objectives aligned with business objectives.

      1. Provide assurance to all stakeholders / interested parties that information assets are adequately protected by maintaining the ISMS and ISO 27001:2013 certification.
      2. Manage risk efficiently and continuously.
      3. Protect the company, our customers, employees and third parties against information security threats.
      4. Ensure compliance with all applicable regulatory, legal and contractual requirements including the GDPR and all applicable data protection legislation.

It is the policy of the company that we will:

      • Secure information based on the three founding principles of Information Security: Confidentiality, Integrity and Availability.
      • Ensure that information is accessible only to those authorised to have access, i.e. on a “need to know” basis.
      • Promote a culture of information security across the company and ensure that all employees are fully aware of their responsibilities.
      • Maintain proactive and effective risk management and associated controls in order to minimise the risks of security incidents and breaches.
      • Continually improve the management of information security.
      • Apply appropriate due diligence in relation to information governance and security in all aspects of the business.

 

    1. Reporting Security Incidents

 

All employees, contractors and temporary staff are responsible for immediately reporting any suspected security incidents to the Information Security Officer by email at security@novative.com.

 

    1. Responsibilities

 

It is the responsibility of the CEO to maintain and review this policy.

It is the responsibility of all employees to be aware of and comply with this policy and all associated ISMS policies and procedures.

Any non-compliance with this policy may be subject to disciplinary procedures.

It is the responsibility of the Information Security Officer to review this policy and ensure that it is published to all employees.

 

    1. Review

 

This policy is reviewed at least annually as part of management review and in response to organisational, legislative/regulatory or contractual changes or security incidents/breaches as appropriate.