iPRO acknowledges the role of information security as critical to the continuity and controlled provision of our services to clients, contractors, employees, and all stakeholders.
IPRO’s Information Security Policy is based on the following principles:
• The Information Security Policy is a critical factor in achieving the desired level of Client satisfaction and must take a high priority in all our operations.
• A comprehensive Risk Management Plan covering all relevant internal and external risk factors and resulting in ineffective information security controls is critical to maintaining our competitiveness.
• Risk-based thinking is central to all IPRO processes and is the responsibility of the entire team to implement and maintain.
• Security controls must be proportional to the assessed risk of the confidentiality, integrity or availability of information becoming compromised.
• Training is essential to ensure the process of risk identification, analysis, corrective/preventative actioning is communicated, understood, and implemented.
In keeping with our Information Security principles iPRO will:
• Ensure that the information it manages is appropriately secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
• Develop, implement, and maintain effective information security control measures.
• Establish measurable information security objectives and produce statistical reports to review performance against these objectives.
Information security objectives will be reviewed and modified or replaced as circumstances change.
• Establish a security team to ensure that there is clear direction and visible management support for security initiatives and promote security through appropriate commitment and adequate resourcing. The security team shall devise and coordinate the implementation of information security controls.