1.1 Scope
This Information Security Policy is applicable to the entirety of InfoGuard. All InfoGuard employees as well as external staff and suppliers, which access and process information concerning InfoGuard and its clients, are required to adhere to the following security principles and the related policies and procedures.
InfoGuards information security goals include the following:
3.1 Commitment
InfoGuard is committed to the implementation of the stated information security goals and the applicable controls from the ISO/IEC 27001:2013 annex A.
3.2 Compliance
During the procession of data, InfoGuard adheres to the applicable legal, regulatory, industrial and internal requirements and widely recognized information security standards.
3.3 Economic efficiency
The cost of information security measures should not exceed the risk reduction contribution towards identified information security risks. In addition the restriction of business activities caused by implemented information security measures should be kept to a minimum.
3.4 Information security management system (ISMS)
InfoGuard has implemented an information security management system. The ISMS is used for risks mitigation concerning information processing related risks and defines measures to protect InfoGuards information security posture. The ISMS adheres to the widely recognized security standard ISO 27001 and has to be documented appropriately.
InfoGuard is committed to continuously improve its ISMS.
3.5 Responsibilities
All internal and external personal with access to client data and other sensitive data from InfoGuard, play their part in protecting the processed information as part of their area of responsibility. All internal and external personal comply with the outlined information security principles and the related policies and procedures.
Security awareness is a vital component of InfoGuards culture. All employees are personally committed to campaign for our security principles in their day to day work.