Tape Ark provides tape-to-cloud data migration services, which sometimes involve holding confidential client information and always involve processing client data. Tape Ark keeps its own privileged information secure, and is also committed to the protection of all client information.
This Policy mandates that a consistent, risk-based approach is implemented for Information Security (IS) in order to maintain information confidentiality, integrity and availability.
It is the policy of Tape Ark to ensure:
- Information will be protected against unauthorized access while in transit or at rest;
- Confidentiality of information will be maintained;
- Information will not be disclosed to unauthorized persons through deliberate or careless action;
- Integrity of information is maintained through protection from unauthorized modification;
- Information will be available to authorized users when needed;
- IS training is completed by all staff;
- All suspected breaches of IS will be reported and investigated.
Any individual dealing with information at Tape Ark, no matter what their status (e.g. employee, contractor or consultant), must comply with the IS policies and related IS documents.
Strategies to achieve the aims of this policy include:
- Ensure the IS Policy is an accurate reflection of the business context and takes into account our strategic direction and all relevant factors both internal and external;
- Ensure measurable objectives are established, communicated, monitored and reviewed for effectiveness by the Management Team in the annual Management System Review Meeting. Corrective actions will be taken as required based on deviations from our objectives. Our objectives are agreed collectively. Individual teams are then empowered to deliver results, with delegated accountability and decision making;
- Ensure all non-conformances and corrective/preventative actions are documented and reviewed at least quarterly;
- Ensure IS is addressed for all projects, regardless of type, by way of risk assessments and objectives;
- Educate staff to allow them to independently make an informed decision with regard to the secure handling of IT assets and information, within the framework of the total range of IS policies;
- Defend the IT assets and information, both tangible and intangible, that Tape Ark governs, owns, manages, maintains or controls;
- Continually improve the Quality and Information Security Management System (QISMS) through regular monitoring and reviews. Corrective measures shall be determined, allocated and recorded for follow-up in the Helpdesk Pilot system;
- Comply with the legislation and industry best practices that apply to Tape Ark, including ISO 27001:2015.
All personnel have a responsibility to report perceived and actual IS breaches and/or IT incidents either to the CEO or to their immediate supervisor. Management and employees are responsible for embedding IS risk management in our core business activities, functions and processes. IS risk awareness and our tolerance for risk are key considerations in our decision-making.