The purpose of the Policy is to protect JCAD’s (JCAD) information assets from all threats, whether internal or external, deliberate or accidental. This includes data held by JCAD on behalf of their customers, as well as internal data. The JCAD Board of Directors have approved this Information Security Policy.
JCAD has implemented an information security management system to the ISO 27001:2022 standard. We are committed to comply with all its requirements and to continually improve its effectiveness.
Primary tenets of this policy are that:
· Information will be protected against unauthorised access
· Confidentiality of information will be assured
· Integrity of information will be maintained
· Regulatory and legislative requirements will be met where applicable
· Information Security Training will be provided
· All breaches of Information Security, actual or suspected, will be reported and investigated to the relevant interested parties
· Standards will be produced to support the policy. These include virus controls and passwords
· JCAD will ensure the resources required to protect, communicate and maintain data will be provided
· The JCAD Head of Operations has direct responsibility for maintaining the policy and providing advice and guidance on its implementation and to ensure third party contractors also have the relevant policies in place.
· All Managers are directly responsible for implementing the policy within their business areas, and for adherence by their staff
It is the responsibility of each employee to adhere to the Information Security Policy.