SYNETIQ recognises the importance of information security and are committed to maintaining the confidentiality, integrity and availability of the information that we store and process and to provide robust security in the services we provide to our Customers.
In support of this commitment this Policy sets out the Information Security requirements and obligations applicable to all individuals employed or engaged by SYNETIQ. Including full and part time Employees, third-party Contractors and suppliers.
The SYNETIQ leadership team are accountable for the direction and implementation of this policy and to ensure both awareness and compliance across the organisation.
Under direction of the leadership team the SYNETIQ Security Controller (SC) is responsible for enforcing adherence, compliance levels and agreed exceptions to this policy.
The SC must also ensure that the requirements and obligations mandated by the policy remain relevant and commensurate in the face of new and evolving risks. As a minimum the SC shall review this policy on an annual basis. To ensure compliance, individuals must always refer to the latest iteration of this policy and any referenced processes and procedures.
All individuals are required to report any suspected or identified instances or behaviours of non-compliance to this policy immediately to the SC.
The scope of this policy includes:
- Data classification and handling
- Protection of information and assets
- External suppliers
- Physical security
- Acceptable use
- Information storage
- Business continuity
- Software use and licensing
- User management
- Password requirements