Skip to main content

Exprodo Information Security Policy (Top-Level)

View our ISO 27001 certificate here

The purpose of this Information Security Policy (the “Policy”) is to safeguard information belonging to Exprodo, our clients and interested parties, in keeping with our status as an ISO 27001:2022 accredited company.

The objective of the Information Security Management System (ISMS) is to ensure the confidentiality, integrity and availability of information assets[1], through the implementation of policies, controls and procedures, which support this Policy[2].

The Policy is therefore critical to our clients and our business.

It is the goal of Exprodo Software to ensure that:

  • Information assets will be protected and controlled against unauthorised access or misuse.
  • Confidentiality of information assets will be assured.[3]
  • Integrity of information assets will be maintained.[4]
  • Planning processes will be maintained to secure information assets in the event of a business disruption.
  • Regulatory, contractual and legal requirements will be complied with.[5]
  • Information security policy training will be provided to all employees.
  • Acceptable Use Policies will be issued and signed by all employees and other relevant personnel.
  • Information assets will be classified and protected as required.
  • Physical, logical, environmental and communications security will be maintained.[6]
  • Operational procedures and responsibilities will be maintained.
  • Infringement of this Policy may result in immediate disciplinary action or criminal prosecution.
  • Business requirements for the availability of information and information systems will be met.
  • The applicable requirements of the ISMS are satisfied and the ISMS is continually improved.
  • The information security objectives are expressed and their compliance is tracked.

Paul Robinson, Founder and CEO

NOTES:

  1. Information assets exist in many different forms and are detailed in our asset inventory.
  2. These are outlined and maintained within the Information Security Management System and regularly reviewed (at least annually).
  3. Information is labelled accordingly and always appropriately protected against unauthorised access and disclosure. 
  4. Safeguards are in place to protect against unauthorised modification and destruction of information.
  5. This ensures compliance with the legal requirements of the Copyright, Design & Patents Act 1988, Data Protection Act 1998, the Computer Misuse Act 1990 and any other relevant legislation (see business legal register).
  6. Controls exist to prevent unauthorised access, damage and interference of IT services.