Information is one of our most valuable assets and is at risk from a wide range of physical and electronic
threats. Preserving the confidentiality, integrity and availability of this information is essential is we are
to maintain our operational ability, protect our assets and safeguard customer and employee data.
I am committed to the continuous improvement of Information Security controls and culture
throughout the business. We will work as one team to effectively secure our IT systems and information
by:
1. Making sure information is protected to an appropriate level, based upon the impact of its disclosure,
modification or loss.
2. Complying with all relevant information management legislation, regulations and standards.
3. Making sure that employees are clear about their responsibilities regarding ownership of information
security, and that we expect them to take their legal and moral role seriously.
4. Managing the security of all computer systems and supporting infrastructure through the
implementation of appropriate technical security controls.
5. Controlling access through the implementation of user names, passwords and system priviledges.
6. Making sure that security is an integral part of information systems including segregation of duties,
change control procedures and agreed testing and approval processes.
7. Ensuring Information Security events and weaknesses are formally managed to allow timely corrective
action to be taken.
8. Protecting critical information systems from the effects of major failures or disasters by deploying
appropriately resilient infrastructure.
9. Ensuring redundant equipment, media and papers are disposed of securely.
We will annually review the Information Security policy and the way it operates, or more frequently in
the case of significant change to the nature or scope of risk in the business.
Kirsty Bathgate
CEO & Founder
