ISO:Management Systems

From Hornbill
Revision as of 10:44, 25 September 2018 by Keiths

Data Protection and Privacy

Hornbill Technologies is committed to compliance with all national and, where appropriate, international laws relating to the protection of personal data and individual privacy. The Chief Technical Officer is Hornbill Technologies’ Data Protection Officer. Personal data is classified as Restricted, and is available only to those who need to deal with it. The policy applies to all personal data held by Hornbill Technologies, including on wireless notebook computers, mobile telephones, etc. All staff will be provided with training to ensure that they understand Hornbill Technologies’ policy and the procedures it has put into place to implement that policy. The disciplinary process will be invoked in circumstances where this policy may have been transgressed.

Compliance with security policies and standards

Managers continuously review their area of operations for compliance. Should any non-compliance be identified, the manager determines the cause, evaluates the actions necessary, implements appropriate actions and reviews the outcome to ensure the non-conformance does not recur.

Where the manager notes a recurrence of minor infractions, or where there is a potential breach or incident, the manager records the issue in a report to the Information Security Manager, in an Incident Report or, if more appropriate, in an internal departmental record.

Such reports are shared with auditors as appropriate during internal audit.

Information systems audit controls

Audits of the security arrangements and controls are conducted in line with the ISMS Manual requirements. Audit plans are constructed so as to minimise the interruption to operational systems and business processes, especially where penetration testing or similar is conducted.

All policies are reviewed bi-annually and updated as required to reflect changes in business or practices, and are submitted for confirmation by the management team prior to release to the business.

Penetration Testing

As well as frequent tests undertaken by Hornbill, we utilise external security companies to validate our results and services at least annually. The testing is against all infrastructure (both on premise and in data centers) and software used. Results of tests are available on request, and certificates are available via https://www.hornbill.com