P-20 Information Security Policy
File Reference: P-20 Information Security Policy
This policy outlines the company’s commitment to maintaining an
information security management system that meets the requirements of the ISO
27001:2013 standard.
It includes commitments to protecting the confidentiality, integrity
and availability of information assets from all threats whether internal,
external, deliberate or accidental.
It details the controls in place to ensure information
security, compliance with applicable requirements of the ISO 27001 standard, the mechanisms
in place for continuous improvement of information security, and so on.
This policy is a requirement for ISO 27001:2013 compliance
and can be edited to suit. However, care must be taken when amending this
document if the intent is for it to be used to satisfy the requirements of ISO
27001 compliance as there are some elements that the standard requires the
policy to cover:
- A framework for setting information security objectives
- A commitment to satisfy applicable requirements
- A commitment to continual improvements of the integrated management systems.
Like all other policies, this should be retained as documented information, filed correctly and made available to all interested parties.
The information classification label on this policy is [Public].