Information Security Policy
Information security is the protection of information and supporting systems from a wide range of threats in order to ensure business continuity, minimise operational risk, and maximise return on investments and operational opportunities. Data, information, and the underlying technology systems are essential assets to Enboarder, provide vital resources to staff and customers, and consequently need to be suitably protected.
The security of information in all its forms is of the utmost importance to Senior Management. Information security is achieved by implementing a suitable set of controls (based on risk profile), including policies, processes, procedures, organizational structures, software, and hardware functions. This gives confidence to interested parties that risks due to potential incidents are adequately managed.
This policy applies to all employees and other relevant third parties.
Enboarder will work to enact best practice principles of information security such as:
- Systems and applications are configured to reduce their attack surface.
- A defence-in-depth security methodology is employed.
- Systems and applications are administered in a secure and accountable manner.
- Security vulnerabilities in systems and applications are identified and mitigated in a timely manner.
- Data, applications and configuration settings are backed up on a regular basis.
- Personnel are granted the minimum access to systems, applications and data repositories required for their duties.
- Personnel are provided with ongoing cyber security awareness training.
In order to achieve this, the following information security objectives have been established:
- Establish and continually improve an Information Security Management System.
- Strategic and operational information security risks are understood and treated to be acceptable to Enboarder.
- Public web services and internal networks meet specified availability standards.
- Conduct Application Vulnerability Scans to make sure that the application is safe from emerging threats.
- Business continuity plans, which include information security continuity, are produced, maintained and tested as far as practicable.
- Information security training is given to all employees.
To achieve these objectives, we shall act to:
- Communicate this policy to all existing employees and to new employees upon commencement.
- Comply with all legislative, regulatory and other requirements which are relevant to Enboarder.
- Make our commitment to information security visible to all interested parties.
- Maintain and continually improve an Information Security Management System which meets the requirements of ISO 27001:2022 and SOC2 Type 2.
This policy, together with the objectives set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to the operations of Enboarder.