Commitment to Security
Purpose
Ultima Business Solutions Limited (“Ultima”), and its Board of Directors, is committed to implementing a robust Information Security Management System (ISMS) to safeguard the Confidentiality, Integrity and Availability (CIA) of its information assets, and information entrusted to it by its customers and suppliers. The Ultima Board has duly elected its Chief Executive Officer as the Executive Sponsor to develop and implement Ultima’s ISMS.
Scope
The implementation of the ISMS shall apply companywide to the provision of IT hardware, software and support services to corporate clients, including: consultancy / design, project management, equipment configuration & maintenance of services to its customer base; and shall manage its IT infrastructure and other information assets. This Policy affects and applies to all Ultima staff (permanent and temporary), and other parties acting for or on behalf of Ultima. Ultima’s implementation of its ISMS shall conform to the ISO/IEC 27001 framework.
Policy
The Executive Sponsor has been empowered to establish the Information Security objectives of the business; ensure that sufficient measures are put in place to meet and manage the objectives; and implement relevant documented information to support the ISMS framework.
Objectives
- Enable Ultima to meet its statutory obligations under relevant Data protection laws, as well as meet its contractual obligations.
- Use a risk-based approach to identify Ultima’s critical Information security assets to ensure they are adequately protected.
- Maintain the confidentiality, integrity and availability of all business and customer information assets.
- Continue to work with the Information Security Forum to review and set objectives, and manage, monitor and continuously improve the ISMS to meet business needs.
Means:
- Provide robust methods of risk assessment, management and treatment of security matters.
- Develop, implement and maintain controls to identify and measure attainment of security objectives.
- Ensure processing facilities and information assets are protected against unauthorised access, both physical and logical, and misuse.
- Risk assess vendors and suppliers of goods and services, in scope of the Security Management System, to ensure that they have suitable security measures and controls in place.
- Ensure processes are in place to safeguard against unlawful disclosure of information.
- Dispose of media containing personal or sensitive information in a secure way.
- Test the effectiveness of its security strategy by means of audit.
- Treat non-conformity by identifying and implementing corrective and/or preventative actions.
- Ensure that sufficient levels of training and competency of staff and other interested parties are maintained and all related evidence is retained.
- Investigate all known breaches and mitigate any risks identified.
- Relevant communications to interested parties, internal and external.
- Develop and maintain the Business Continuity and Disaster Recovery Plans.
Documentation:
- Information Security Policy;
- ISMS Framework documents;
- Processes and Work instructions;
- Testing records; and
- Training records
This policy has been executively signed off and approved by Scott Dodds, Chief Executive Officer, 5th July 2024