Difference between revisions of "ISO:Information Security"

From Hornbill
(Created page with "== Information Security == The Board of Directors and senior management of Hornbill Ltd (Hornbill) are committed to preserving the confidentiality, integrity and availability...")
 
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
This document can now be found at its new location in the [https://docs.hornbill.com/hornbill-cloud/iso/information-security/ Hornbill Document Library].
 +
 +
[[file:hornbill-document-library.png|Hornbill Cloud|link=https://docs.hornbill.com/hornbill-cloud/iso/information-security/]]
 +
 +
<!--
 
== Information Security ==
 
== Information Security ==
  
Line 10: Line 15:
 
Senior management, full and part time employees, sub-contractors, project consultants and any other external parties have, and will be made aware of, their responsibilities to preserve information security, to report security breaches, and to act in accordance with the requirements of the Hornbill’s ISMS. The consequences of security policy violations are described in Hornbill’s disciplinary processes contained with the HR policy.  
 
Senior management, full and part time employees, sub-contractors, project consultants and any other external parties have, and will be made aware of, their responsibilities to preserve information security, to report security breaches, and to act in accordance with the requirements of the Hornbill’s ISMS. The consequences of security policy violations are described in Hornbill’s disciplinary processes contained with the HR policy.  
 
All  will receive information security awareness training and specialist employees will receive appropriately focused training as required to meet Hornbill’s business, contractual, and regulatory requirements and obligations.
 
All  will receive information security awareness training and specialist employees will receive appropriately focused training as required to meet Hornbill’s business, contractual, and regulatory requirements and obligations.
 +
 +
 +
===Minimisation===
 +
Only data that must be collected and stored SHOULD be collected and stored. The set of data should be the minimum required to achieve the goal. The Data security officer and team leads will be responsible for ensuring that any collected data is minimal. Any concerns or queries must be directed to the data security officers and a review of stored data conducted.  All marketing exercises that involve the collection of data MUST be approved by the Marketing systems manager who will ensure that all data is the absolute minimum required, compliant with the required laws and 100% OptIn with express consent obtained.
 +
 +
 +
===Anonymisation===
 +
Any data collected and processed for analytical reasons must be anonymized. The level of anonymization is per node\instance or service.  No lower than service is permitted.
 +
Any data collected for security or Error detection (Log files) are not required to be anonymized before any processing but only the minimum used\made available for review, however should the same data be used for any other purposes then it must be scrubbed.
 +
 +
 +
===Statistics\Metrics\Measures===
 +
Any data collected and processed for Statistics\Monitoring\Metrics must be anonymised, The level of anonymization is per node\instance\service\API.  No user should be identifiable. Only counts or other INT values may be collected
 +
-->
 +
[[Category:HDOC]]
 +
<!-- hornbill-cloud/iso/information-security -->
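
Review bot: In the added Anonymisation section, "The level of anonymization is per node\instance or service. No lower than service is permitted." is ambiguous: node and instance are listed as allowed levels, yet the next sentence sets service as the floor. State which granularity is the minimum and align it with the Statistics\Metrics\Measures section, which lists per node\instance\service\API. The added text also mixes capitalised SHOULD and MUST with lowercase must and should, so either say that the capitalised forms carry a distinct normative meaning or use one form throughout; as written, "Only data that must be collected and stored SHOULD be collected and stored" reads as a recommendation rather than a requirement. In the log-file sentence, "scrubbed" is undefined, so name what has to be removed before reuse or point to the procedure that defines it. In Minimisation, "Data security officer" and "data security officers" should name the same role consistently.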

Latest revision as of 17:00, 11 September 2023

This document can now be found at its new location in the Hornbill Document Library.
