
Information Security Policy

The purpose of this Information Security Policy (the “Policy”) is to safeguard information belonging to Exprodo, our clients and interested parties. We aim for ISO 27001:2022 certification.

The objective of the Information Security Management System (ISMS) is to ensure the confidentiality, integrity and availability of information assets[1], through the implementation of policies, controls and procedures, which support this Policy[2]. The Policy is therefore critical to our clients and our business.

It is the goal of Exprodo Software to ensure that:

  • Information assets will be protected and controlled against unauthorised access or misuse.
  • Confidentiality of information assets will be assured.[3]
  • Integrity of information assets will be maintained.[4]
  • Planning processes will be maintained to secure information assets in the event of a business disruption.
  • Regulatory, contractual and legal requirements will be complied with.[5]
  • Information security policy training will be provided to all employees.
  • Acceptable Use Policies will be issued and signed by all employees and other relevant personnel.
  • Information assets will be classified and protected as required.
  • Physical, logical, environmental and communications security will be maintained.[6]
  • Operational procedures and responsibilities will be maintained.
  • Infringement of this Policy may result in immediate disciplinary action or criminal prosecution.
  • Business requirements for the availability of information and information systems will be met.
  • The applicable requirements of the ISMS are satisfied and the ISMS is continually improved.
  • The information security objectives are expressed and their compliance is tracked.

The Managing Director has approved and supports this Policy, and has overall responsibility for its implementation. The Chief Information Security Officer (CISO) has direct responsibility for maintaining this Policy and providing guidance and advice on its implementation. All managers are responsible for the implementation of this Policy within their business area. It is the responsibility of each employee to adhere to this Policy.

Paul Robinson, Founder and Managing Director
Brian Sharland, Chief Information Security Officer

NOTES:

  1. Information assets exist in many different forms and are detailed in our asset inventory.
  2. These are outlined and maintained within the Information Security Management System and regularly reviewed (at least annually).
  3. Information is labelled accordingly and always appropriately protected against unauthorised access and disclosure.
  4. Safeguards are in place to protect against unauthorised modification and destruction of information.
  5. This ensures compliance with the legal requirements of the Copyright, Designs & Patents Act 1988, Data Protection Act 1998, the Computer Misuse Act 1990 and any other relevant legislation (see business legal register).
  6. Controls exist to prevent unauthorised access to, damage to and interference with IT services.