To ensure that information security risk is identified within the context of our organisation and is effectively assessed, managed and treated, and that the key Information Security Objectives of the business are met, DutySheet has implemented an Information Security Management System (ISMS) compliant with the requirements of ISO27001.
The Senior Management Team is committed to the implementation, management and maintenance of the ISMS in order to ensure and support the following key objectives of the business:
The secure storage, protection and access of all data held and processed by DutySheet, inclusive of data and information assets processed on behalf of end users
Continued provision and maintenance of a secure and safe working environment for all DutySheet operations and activities
Continued resilience and protection of the DutySheet and Assemble solutions deployed within our information processing environments
Continual improvement of the ISMS and its controls
To achieve these goals DutySheet will:
Maintain its ISO27001 Certification
Establish and maintain a framework for setting and reviewing SMART ISMS Objectives to support the continual improvement of our InfoSec performance
Review and assess the effectiveness of the risk assessment and treatment criteria and subsequent acceptance
Identify and determine all applicable legal and regulatory requirements we face in the completion of our business operations and commercial engagements
Ensure that defined SLAs are established and measure our service provision
Assess, evaluate and verify our supply chain to ensure control throughout the operation and completion of our ISMS responsibilities
Implement, maintain and evaluate effective Business Continuity plans relevant to our organisational and client-facing requirements
DutySheet shall undertake formal reviews of all aspects of its ISMS in its responsibility to continually provide reliable service to its existing and prospective clients.