Information Security Management System Policy

Effective date: August 1, 2021

To ensure that information security risk is identified within the context of our organisation and is effectively assessed, managed and treated and that the key Information Security Objectives of the business are met DutySheet have implemented an Information Security Management System (ISMS) compliant with the requirements of ISO27001.

The Senior Management Team is committed to the implementation, management and maintenance of the ISMS in order to ensure and support the key objectives of the business of:

  • The secure storage, protection and access of all DutySheet held and processed data inclusive of data and information assets processed on behalf of end user
  • Continued provision and maintenance of a secure and safe working environment for all DutySheet operations and activities
  • Continued resilience and protection of the DutySheet and Assemble solutions deployed within our information processing environments
  • Continual Improvement of the ISMS and its controls

To achieve these goals DutySheet will:

  • Maintain its ISO27001 Certification
  • Establish and maintain a framework for setting and reviewing SMART ISMS Objectives to support the continual improvement of our InfoSec performance
  • Review and assess the effectiveness of the risk assessment and treatment criteria and subsequent acceptance
  • Identify and determine all applicable legal & regulatory requirements we face in the completion of our business operations and commercial engagements
  • Ensure that defined SLAs are established and measure our service provision
  • Assess, evaluate and verify our supply chain to ensure control throughout the operation and completion of our ISMS responsibilities
  • Implement, maintain and evaluate effective Business Continuity plans relevant to our organisational and our client facing requirements

DutySheet shall undertake formal reviews of all aspects of its ISMS in its responsibility to continually provide reliable service to its existing and prospective clients.