The confidentiality, integrity and availability of information are of great importance to the administration and operation of Layer 7 Ltd. Failure in any of these areas can result in disruption to the services that we provide as well as loss of confidence in Layer 7 Ltd by existing and potential customers. The security of our information and other assets is therefore regarded as fundamental to the successful operation of the organisation. The objective of the Information Security Policy is to ensure business continuity and minimise business damage by preventing and managing an acceptable level the impact of information security incidents. Adherence to this policy will assist to protect ourselves and our customers from information security threats, whether internal or external, deliberate or accidental.
This Information Security Policy is used as a framework for Layer 7 Ltd to set Objectives. These objectives will be reviewed during the Management Review process.
We are committed to good information security provision for customers and staff; hence it is the policy of Layer 7 Ltd that we will:
- Ensure that information is accessible only to those authorised to have access;
- Safeguard the accuracy and completeness of information and processing methods;
- Ensure that authorised users have access to information and associated assets when required;
- Ensure that we meet our regulatory and legislative requirements;
- Address the security of all of our services and processes to ensure that risks are identified, and appropriate controls are implemented and documented;
- Provide a secure working environment for staff on our site;
- Produce business continuity and incident response plans for strategic services which will be tested on a regular basis;
- Promote security awareness and provide appropriate information security training for our staff.
The Managing Director is responsible for the production and the controls to enforce this policy as well as the provision of advice and guidance on its implementation and maintenance.
All breaches of information security must be reported to the Managing Director who will be responsible for the investigation and subsequent reporting of all security incidents.
It is the responsibility of all staff and visitors to adhere to this policy.
Layer 7 Ltd reserves the right to inspect any data stored on an Layer 7 Ltd computer or telecommunication system, or transmitted or received via Layer 7 Ltd networks, in the cause of investigating security incidents or safeguarding against security threats. This policy shall be reviewed on a regular basis or if significant security changes occur to ensure its on-going suitability and effectiveness.