PROTECTION & SECURITY
INFORMATION SECURITY MANAGEMENT SYSTEM

ibCom has a formal ISMS, which forms the basis for its compliance.

INTRODUCTION

ibCom has implemented an Information Security Management System (ISMS) to protect the organisation's information from a range of internal and external information risks and threats. This ISMS has been created to define the purpose, scope, direction, principles and basic rules for this ISMS.

The confidentiality, integrity, protection and availability of ibCom’s information and customer data should always be preserved, whatever the form of the information and however it is shared, utilized, communicated or stored.

This ISMS is based the ISO 27001, 27017 Information Security standards

OVERVIEW

This ISMS has been built around, and aligned to, the information security controls from ISO 27001 and ISO 27017.

The ISMS reference and policy controls:

  • Demonstrate management leadership and commitment to information security.

  • Are appropriate for the company and its product & services.

  • Includes information security objectives and provides a framework for setting information security objectives

  • Includes a commitment to satisfy the applicable security requirements

  • Includes a commitment to continual improvement of information security management system

    The Information Security Policies shall be available as documented information; be communicated within the organisation to and be available to interested parties as required or applicable

SCOPE

The scope of IbCom’s ISMS includes information security applicable to:

  • All employees, contractors, consultants, products and services, customers, clients, partners, vendors.

  • All physical and virtual business offices and operations.

  • All physical and virtual business systems and processes.

  • All physical and virtual, assets and technology, including desktop and laptop computers, mobile devices, physical and virtual networks, data centres.

  • All physical and cloud-based business and customer information (data) repositories.

  • All internal and external business communications.
OBJECTIVES
Supporting the company in its core mission of providing value to its shareholders and confidence to its customers through:
  • Identifying and assessing information security risks and treating those risks so that they are acceptable.

  • Reducing or eliminating information security incidents.

  • Minimising the negative impact of any such incidents.

  • Continually improving the company’s ability to assess, detect, avoid and ameliorate information security risks and incidents.

  • Maintaining esteem for and the credibility of the company’s services and MyDigitalStructure brand.

  • Protecting the privacy of all stakeholders and particularly the personal information of IbCom’s customers.

  • This policy applies to all the ISMS and to all of the organisation.

PRINCIPLES
  • Management will commit to the implementation and maintenance of this Security Policy, as well as the procedures and policies required to support this Security Policy.

  • All employees will be educated in information security principles and are responsible and accountable for information security relevant to their roles.

  • ibCom’s information security risks are assessed, managed and treated as necessary so that the company’s information security risks remain within acceptable parameters.

  • ibCom’s information security controls are adequately provisioned for and funded.

  • The company’s security posture is for continuous improvement.

  • Violations of this or any related policy or procedure by any employee may result in disciplinary action and/or dismissal and/or criminal prosecution and breaches of information security will not be tolerated.

  • Fundamental information security pillars:
    # Separation of concerns and purpose
    # Start with the ‘best of breed’ foundations for security and architecture
    # Keep security it simple
    # Give the information (data) owner control
    # Do you have a reason to know?

  • Test, test, test – Top to Bottom & End to end, for all internal and external threats eg penetration testing of the end points

  • Listen to the community

  • Maintain best practice

RESPONSIBILITIES
  • ibCom Directors are responsible for the suitability, adequacy, implementation and effectiveness of the ISMS.

  • ibCom’s Chief Risk Officer is responsible for ensuring the ISMS conforms to the requirements of ISO 27001 & ISO 270017 and for reporting on the performance of the ISMS to the Directors.

  • ibCom’s employees, contractors and consultants are trained in their information security responsibilities and are held accountable.
KEY OUTCOMES
  • Information security is architected and embedded into all facets of the business operations and technologies.

  • Customers, suppliers and partner’s confidence in the confidentiality, integrity and availability of the organization's information will be preserved.

  • Information security incidents will be mitigated and not result in legal or compliance breaches, significant information loss, financial losses or reputational damage or disruption to the business.

  • Shareholder value will be preserved or enhanced through the implementation of organisational wide ISMS

More about compliance

ibCom's ISO/IEC 27001 Statement of Applicability

 
Protection & Security
Executive Summary
ISMS <> COBIT