Policy in General

The following basic principles of information security shall be applied to all company operations:

  • Confidentiality: information must be protected from unauthorised access and disclosure throughout its lifecycle, from creation to final disposal.
  • Integrity: the accuracy and completeness of information must be safeguarded and unauthorised amendment or destruction prevented.
  • Availability: information must be available to authorised users when required.
  • Legislative compliance: all staff must be aware of and comply with UK and EU law which applies to the processing of information. Personal Identifiable Information (PII) in particular will only be processed, disclosed, shared and retained in accordance with applicable data protection laws and in line with Certus’ PII procedures.

1) Objectives

Regarding information security, Certus’ goal is to protect the company’s interests and those of our customers. We have therefore defined the following objectives:

  • employees, contractors and associates are to be clear regarding their responsibilities in respect of the use and security of information;
  • information is to be protected against unauthorised access, and its confidentiality, integrity and availability are to be maintained;
  • information is to be managed to acceptable standards and regulatory and legislative requirements are to be met;
  • employees are to have access to appropriate guidance, support and training regarding information security;
  • any breach of information security, actual or suspected, is to be reported, investigated and acted upon.

2) Scope

This policy applies to anybody who accesses Certus’ information (referred to as Information Users), regardless of their location (point of access). It applies to all Certus Systems, the use of such systems and to all information within the business or handled on behalf of the business.

More specifically, this policy applies to:

  • all information created or received in the course of Certus’ business which must be protected according to its sensitivity, criticality, and value, regardless of the media on which it is stored, the location of the data, the manual or automated systems that process it or the methods by which it is distributed;
  • all Information Users, including all employees, trainees, associates, contractors, suppliers, partners and external users who may be authorised to access Certus’ information;
  • all locations from which Certus’ information is accessed including offices, homes and off-site/remote access points;
  • all Certus Systems, including those used internally to operate the business and those developed, maintained or provided to customers or business partners;
  • all information held within the business, or accessed as a part of the company’s operations or services.