Information Security Policy
Information Security Objectives
EveryMatrix objective of managing information security is to ensure its core and supporting business operations continue to operate with minimal disruptions.
EveryMatrix shall ensure that all information that is used or stored by EveryMatrix has absolute integrity and availability. EveryMatrix shall guarantee that all relevant information is managed and stored with appropriate confidentiality procedures in place
Information Security Policy
The purpose of this Policy is to protect the organization’s information assets from all threats, whether internal or external, deliberate or accidental.
The CEO of EveryMatrix has approved this Information Security Management System [ISMS] Policy.
It is the Policy of the organization to ensure that:
- Information should be made available with minimal disruption to staff and the public as required by the business process. This will ensure that information and vital services are available to users when and where they need them;
- The integrity of this information will be maintained. This means safeguarding the accuracy and completeness of information by protecting against unauthorized modification;
- Confidentiality of information not limited to research, third parties, personal and electronic communications data will be assured. This will ensure the protection of valuable or sensitive information from unauthorized disclosure or unavoidable interruptions;
- Regulatory and legislative requirements will be met. This will ensure that the organization remains compliant to relevant business, national and international laws;
- A Business Continuity Management Framework shall be made available and Business Continuity Plans will be produced to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters. Business Continuity Plans are to be maintained and tested;
- Information security education, awareness and training will be made available to staff and relevant external parties;
- All breaches of information security, actual or suspected, will be reported to, and investigated by the relevant authorities not limited to Incident Response process;
- Appropriate access control will be maintained and information is protected against unauthorized access.
Information security within EveryMatrix is managed through the Risk Management Framework.
Policies, Procedures and Guidelines not limited to Information Security will be made available in both hardcopy and online format through an intranet system to support the ISMS Policy
It is the responsibility of each member of staff to adhere to the ISMS Policy. All managers are directly responsible for implementing the ISMS Policy within their units, and for adherence by their staff.
The Management Representative is the Chief Security Officer and has direct responsibility for designing, planning, implementing and operating the ISMS within EveryMatrix. He also is involved in writing and/or managing the development of relevant policies, procedures and guidelines not limited to information security
Internal Audit Unit has direct responsibility for verifying the effectiveness of the ISMS Policy.
This ISMS Policy is subject to review when significant changes occur in the organization.