PFA’s information security management system describes the company’s approach to the vital area of Information Security management, and details how we address our responsibilities in relation to it.
As a company, we are committed to preserving the confidentiality, integrity and availability of physical and electronic information assets. This allows us to conduct our business and fulfil our contractual obligations whilst maintaining security, as well as to comply with legal requirements.
Information Security Management Principles
- Information is categorised and allocated to authorised persons for access from within or outside the company.
- Confidentiality of information held by PFA is reviewed and maintained.
- Integrity of information is maintained throughout the standard business practice.
- Business continuity plans are established, maintained, reviewed and tested.
- All personnel are trained on information security and are informed that compliance with the policy is mandatory.
- All breaches of information security and suspected weaknesses are reported and investigated.
- Procedures that exist to support the policy, include non-exhaustively; asset control, risk and threat assessment, business continuity plans and access control. Availability of information systems and integrity will be maintained.