Effective Date: 01/07/2023
1. Introduction
Elevating Business Limited (“we,” “our,” or “us”) is committed to safeguarding the confidentiality, integrity, and availability of our information assets and ensuring the security of our business operations. This Security Policy outlines our approach to security and the responsibilities of all employees and stakeholders.
2. Information Security Objectives
Our information security objectives include:
- Protecting sensitive and confidential information.
- Ensuring the availability and reliability of our systems.
- Complying with legal and regulatory requirements, including GDPR.
- Minimizing the risk of security incidents and breaches.
- Continuously improving our security posture.
3. Roles and Responsibilities
3.1. Management
Management is responsible for:
- Defining and communicating security objectives.
- Allocating resources for security initiatives.
- Monitoring compliance with this policy.
- Approving security-related policies and procedures.
3.2. Employees
All employees are responsible for:
- Complying with security policies and procedures.
- Reporting security incidents promptly.
- Safeguarding sensitive information.
- Participating in security awareness training.
3.3. IT Department
The IT department is responsible for:
- Implementing and maintaining security measures.
- Conducting regular risk assessments and security audits.
- Managing access controls and authentication.
- Responding to security incidents and breaches.
4. Access Control
Access to systems and data is controlled based on the principle of least privilege:
- User access is granted based on job roles and responsibilities.
- Access rights are reviewed regularly and revoked upon job changes.
- Strong authentication mechanisms are implemented.
- Passwords are securely stored and regularly updated.
5. Data Protection
We are committed to protecting personal and sensitive data:
- Data classification and handling procedures are established.
- Encryption is employed for sensitive data in transit and at rest.
- Data backups are conducted regularly and securely stored.
- Data retention policies are defined and adhered to.
6. Incident Response
We maintain an incident response plan:
- Security incidents are reported promptly.
- Incident response team is designated and trained.
- Incidents are investigated, documented, and reported as required by law.
- Remediation plans are developed and executed.
7. Training and Awareness
We provide ongoing security awareness training:
- Employees receive training on security policies and procedures.
- Phishing awareness and social engineering training are conducted.
- Employees are encouraged to report security concerns.
8. Compliance and Audit
We conduct regular security audits and assessments:
- Compliance with this policy is audited periodically.
- Security controls are tested and evaluated.
- Audit results are used to improve security measures.
9. Review and Revision
This Security Policy is reviewed periodically to ensure its effectiveness and relevance. Updates may be made as necessary to address new threats or changes in the business environment.
10. Contact Information
For questions, concerns, or reporting security incidents, please contact:
Elevating Business
Runway House
North Weald Airfield
Merlin Way
North Weald
CM16 6HR