Information Security Policy Statement

Information Security Policy Statement

The data and information stored on Outsource information systems (both manual and electronic) represents some of the company’s most valuable assets. It is therefore essential that all data and equipment owned by or used on behalf of Outsource Group, at all locations, are protected against the many threats which may affect staff, and client privacy and overall service provision.

Such threats can range from accidental damage to the deliberate disclosure of sensitive staff or client information.
Information security is the responsibility of every member of staff working within the company and within our supply chain. Outsource also considers its responsibility in relation to environmental sustainability as a top priority throughout the business and has integrated this into our Information Security Management System by taking into consideration how climate change can impact our business as well as what we can do to play our part in reducing our carbon footprint.

The information systems currently in use employ technical processes and procedures to assist in preserving the confidentiality, integrity, and availability of the data and information they hold. However, these security measures can be weakened or rendered ineffective through accidental or malicious intent.

Therefore, the organisation has established the following Information Security Policy Statement:

• We will achieve and maintain certification to ISO27001:2022.
• The SMT will commit to following the ISMS requirements and continually improving the effectiveness of the ISMS including the following points; The ISMS will be used as a framework for setting Information Security Objectives Information security will be at the forefront of our business;
• We commit to ensuring we comply with any applicable legal and regulatory requirements for information security and data protection.
• Technical and non-technical controls shall be implemented to reduce the risk to our information and our client’s information.
• Outsource employees will be given the necessary regular training and resources to comply with our controls.
• We will review and regularly update our information security objectives, processes and practices to ensure they meet our requirements and our clients’ expectations.