Information security policy statement 2024
This policy statement outlines the Ten Thousand Hours Directors’ endorsement and intent for Information Security Management System (ISMS) within Ten Thousand Hours. Its purpose is to communicate our ISMS expectations to all those delivering services upon our behalf or working on our premises or onsite.
Some aspects of our operations, including handling personal data and having privileged access to locations, present clear information security requirements, however it is expected that we treat all our client and internal hard copy and electronic information in a secure manner, throughout all our processes.
Our overall ISM objective is to protect the organisation from incidents that might have an adverse effect on the people we work with, our business operations and our professional standing. Information Security issues can include:
-
Confidentiality (people obtaining or disclosing information inappropriately)
-
Integrity (information being altered or erroneously validated, whether deliberate or accidental) and;
-
Availability (information not being assessable when it is required).
Many types of incident can pose a threat to our effective use of information. This includes performance, consistency, reliability, accuracy and timeliness.
Our information security management system is part of our ‘Pathway’ guidelines and using this framework, we will assess and manage ISMS risk. We shall also understand and comply with any applicable ISMS or related legal/regulatory requirements. To ensure these principles are adhered to, we refer to operating guidelines as set out within ISO 27001, the International Standard for Information Security Management System.
This statement has been prepared to demonstrate a commitment to continual improvement within our Information Security Management and adhering to GDPR.
This message shall be communicated and understood throughout Ten Thousand Hours and it is expected that all persons performing work on our behalf share this commitment to these values.
This Policy Statement shall be made available to the public, upon request, and shall be communicated and adhered to by all employees, contractors and visitors who enter any of our worksites.