Information Security Policy
IPRO acknowledges the role of information security as critical to the continuity and controlled provision of our services to clients, contractors, employees, and all stakeholders.
IPRO’s Information Security Policy is based on the following principles:
- The Information Security Policy is an integral factor in achieving the desired level of Client satisfaction and must take a high priority in all our operations.
- Adherence to our Information Security Policy and related processes, procedures and directions is the responsibility of all team members.
In keeping with our Information Security principles, IPRO will:
- Establish, maintain and continually improve an information security management system (the ISMS) which complies with the requirements of ISO 27001:2022.
- Comply with and, where practicable, exceed the requirements of relevant information security regulations and standards.
- Establish a security team to ensure that there is clear direction and visible management support for security initiatives and promote security through appropriate commitment and adequate resourcing. The security team shall devise, coordinate, monitor and measure the implementation of information security controls to ensure the ongoing effectiveness of the ISMS.
- Establish a framework for achieving specific information security objectives. Objectives will be defined and reviewed annually for alignment with our overall business strategy and risk management framework.
- Ensure our team, suppliers, contractors and other key stakeholders are aware of, comply with and are able to respond to their ISMS responsibilities.
- Assign the responsibility for ensuring the protection of information systems and ensuring that specific security processes are carried out to the assigned owner of each information system.
- Establish processes to handle any information security incidents effectively.
- Ensure training is provided periodically to all team members on information security relative to their responsibilities, and specialist advice on information security is made available throughout the organisation.
- Regularly review and update this policy to ensure that it remains appropriate in the light of any relevant changes to the law, organisational policies, or contractual obligations, and obtain management approval for such changes.
- Review the implementation of the information security policy independent of those charged with its implementation.
- Continually improve the Information Security Management System.
- Comply with all our legal requirements and client contractual requirements and ISO 27001:2022 for systems within the compliance scope defined by management.
- Review the Information Security Risk Register at least annually and as otherwise deemed necessary.
- Ensure the effectiveness of the Information Security Policy is reviewed at least annually in the Management Review Meeting and a general audit is conducted annually.
- Make the IPRO Information Security Policy available to our clients and other interested parties.
Last updated: 29/2/2024