Ultima Business Solutions Limited (“Ultima”) and its Board of Directors are committed to implementing a robust Information Security Management System (ISMS) to safeguard the Confidentiality, Integrity and Availability (CIA) of its information assets, and information entrusted to it by its customers and suppliers. The Ultima Board has duly elected its Chief Executive Officer as the Executive Sponsor to develop and implement Ultima’s ISMS.
The Executive Sponsor has been empowered to establish the Information Security objectives of the business; ensure that sufficient measures are put in place to meet and manage the objectives; and implement relevant documented information to support the ISMS framework.
- Enable Ultima to meet its statutory obligations under relevant data protection laws, as well as meet its contractual obligations.
- Use a risk-based approach to identify Ultima’s critical information security assets to ensure they are adequately protected.
- Maintain the confidentiality, integrity and availability of all business and customer information assets.
- Continue to work with the Information Security Forum to review and set objectives, and manage, monitor and continuously improve the ISMS to meet business needs.
- Provide robust methods of risk assessment, management and treatment of security matters.
- Develop, implement and maintain controls to identify and measure attainment of security objectives.
- Ensure processing facilities and information assets are protected against unauthorised access, both physical and logical, and misuse.
- Risk assess vendors and suppliers of goods and services, in scope of the Security Management System, to ensure that they have suitable security measures and controls in place.
- Ensure processes are in place to safeguard against unlawful disclosure of information.
- Dispose of media containing personal or sensitive information in a secure way.
- Test the effectiveness of its security strategy by means of audit.
- Treat non-conformity by identifying and implementing corrective and/or preventative actions.
- Ensure that sufficient levels of training and competency of staff and other interested parties are maintained and all related evidence is retained.
- Investigate all known breaches and mitigate any risks identified.
- Relevant communications to interested parties, internal and external.
- Develop and maintain the Business Continuity and Disaster Recovery Plans.
- Information Security Policy;
- ISMS Framework documents;
- Processes and Work instructions;
- Testing records; and
- Training records
This Policy has been executively approved by Scott Dodds, Ultima CEO, on April 19th, 2021.