Information Security Policy
1.0. Policy Objective
1.0. To protect the information assets that Sharpstack Hosting Limited handles, stores, exchanges, processes, and has access to, and to ensure the ongoing maintenance of their confidentiality, integrity, and availability.
1.1. To ensure controls are implemented that provide protection for information assets and are proportionate to their value and the threats to which they are exposed.
1.2. To ensure the organisation complies with all relevant legal, customer, and other third-party requirements relating to information security.
1.3. To continually improve the organisation’s Information Security Management System (ISMS) and its ability to withstand threats that could potentially compromise information security.
2.0. This policy and its sub-policies apply to all people, processes, services, technology, and assets detailed in the Scope. It also applies to all employees or subcontractors of information security critical suppliers who access or process any of the organisation’s information assets.
3.0. Core Policy
3.0. The organisation believes that despite the presence of threats to the security of such information, all security incidents are preventable.
3.1. The Directors of Sharpstack Hosting Limited are committed to achieving the objectives detailed in the policy through the following means:
3.1.1. The implementation and maintenance of an ISMS that is independently certified as compliant with ISO 27001:2017;
3.1.2. The systematic identification of security threats and the application of a risk assessment procedure that will identify and implement appropriate control measures;
3.1.3. Regular monitoring of security threats and the testing/auditing of the effectiveness of control measures;
3.1.4. The maintenance of a risk treatment plan that is focused on eliminating or reducing security threats;
3.1.5. The maintenance and regular testing of a Business Continuity Plan;
3.1.6. The clear definition of responsibilities for implementing the ISMS;
3.1.7. The provision of appropriate information, instruction, and training so that all employees are aware of their responsibilities and legal duties, and can support the implementation of the ISMS;
3.1.8. The implementation and maintenance of the sub-policies detailed in this policy.
3.2. The appropriateness and effectiveness of this policy and the means identified within it, for delivering the organisation’s commitments will be regularly reviewed by Top Management.
3.3. The implementation of this policy and the supporting sub-policies and procedures is fundamental to the success of the organisation’s business and must be supported by all employees and contractors who have an impact on information security as an integral part of their daily work.
3.4. All information security incidents must be reported to the Technical Director. Violations of this policy may be subject to the organisation’s Disciplinary and Appeals Policy and Procedure.