Information Security

It is the policy of Smollan Headcount to maintain and improve an Information Security Management System that:

  • Provides assurance within the organisation that the availability, integrity and confidentiality of its information will be maintained appropriately

  • Manages information security risks to all organisational assets

  • Protects the organisation’s ongoing ability to meet contracted commitments through appropriate business continuity planning

  • Bases information security decisions and investments on risk assessment of relevant assets considering Integrity, Availability and Confidentiality

  • Takes into account legal or regulatory requirements, and client contractual security obligations

  • Maintains awareness of all employees so they can identify and fulfil contractual and legislative security management responsibilities

  • Minimises the business impact and deals effectively with security incidents

This Policy is supported by the following objectives:

  • Maintenance of a Smollan Headcount Information Security Management System that is fully compliant and independently certified to the ISO 27001 Standard for Information Security Management Systems.

  • Maintenance of a sensitive Information Control Policy including compliance with regulations under the Data Protection Act 1998 to protect client, partner, supplier and employee information that is not in the public domain.

  • Control of an Information Security Risk Assessment Process that assesses the harm likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities, and controls currently implemented.

  • Maintenance and improvement of a Business Continuity Plan to counteract interruptions to the activities of Smollan Headcount and to protect critical processes from the effects of major failures or disasters.

  • Defined security-controlled perimeters and access-controlled offices and facilities to prevent unauthorised access, damage and interference to premises and information.

  • Additional Security Finance Applications Password Policy and System & DB Access Policy exist to support Sarbanes-Oxley requirements.

  • Information security awareness training for all employees.

  • An ISMS management team that supports the continuous review and improvement of the ISMS.

  • Control of Incident Management and Escalation procedures for reporting and investigation of security incidents for ISMS management review and action.

The Smollan Headcount Information Security Policy is reviewed by the CEO and the ISMS Manager, who recommend amendments and updates to the policy as part of the continuous security improvement process.