Information Security Policy Statement
American Bridge UK (ABUK) is committed to managing all information in order to satisfy applicable legislation, best practise and recognised standards.
Information held by ABUK could take many different forms. Information which may be held will include hard copy, information stored electronically on our shared drive as well as that spoken in conversation. Protection of information is required to avoid breaches of the law, statutory, regulatory and contractual requirements as well as to ensure business continuity.
The loss, corruption or theft of information and supporting systems could have a serious impact on our business activities and reputation. Our people, information and processing systems are critical to our business and need to be protected appropriately. Our overall objective is to ensure that there are no breaches of information security and we review our processes to establish continual improvement opportunities.
Our policy is to create an environment in which our information is secure. We achieve this by:
- Ensuring we have a robust, secure and monitored IT infrastructure which protects our information ensuring that it is appropriately backed up and secure
- Ensuring the availability, confidentiality and integrity of our information, ensuring data is maintained and only disclosed to relevant parties
- Ensuring that the use of information systems by employees does not create unnecessary business risk through inappropriate behaviour and is only accessible to those that require it
- Limit the amount of hard copy information held by discouraging printing
- Ensuring laptops are locked when away from desk and the use of USB sticks and external hard drives is limited
It is the responsibility of every individual in and associated with the business to:
- Handle all information appropriately according to its sensitivity
- Take steps to minimise the chance of information being lost or stolen
- Report security incidents or information breaches in line with our data protection principles
- To prevent or minimise disruption to the business in terms of information security
- Exercise vigilance when using computers, removable storage devices and phones or when using email and internet services
- Use ABUK’s information and supporting business systems for approved business purposes only and in a manner that does not compromise their confidentiality, integrity or availability.
This policy statement will be reviewed on an annual basis or following significant changes.
Published June 2019