Information Security Policy


BCRM is a firm of management consultants that provides a variety of business-based consultancy services.

It owes its success, and its excellent reputation, to its high-quality and professional service.

BCRM's ability to maintain this reputation, and the levels of service to their clients, depends on the highest standards of professionalism and integrity. It is paramount that these standards include the way in which BCRM uses and protects information and information systems. Any loss of confidence in BCRM's ability to provide these services could cause the business to suffer. New technology exposes BCRM to new and potentially greater risks because much greater reliance is placed on automated systems, and because of the extensive use of networked computers. BCRM wants to reap the benefits of the new technology but we will not take unacceptable risks to do so.

It is the BCRM policy to secure information and systems in a manner which meets or exceeds accepted best practice. BCRM will ensure the continuity of their business operations and manage business damage by the implementation of controls to minimise the impact of security incidents.

It is our policy to ensure that:

  • a business continuity plan is devised, tested and maintained;
  • access to BCRM data and personal data is appropriately controlled;
  • all Client data is appropriately protected and is not divulged to any third party without authorisation;
  • all employees are aware of their responsibility to adhere to the policy and ensure that all breaches of information security, actual or suspected, are reported to, and investigated by, the Information Security Committee;
  • all employees are provided with training in information security awareness and individual responsibilities defined;
  • all in-house systems development is appropriately controlled and tested before live implementation;
  • confidentiality and integrity of all information is maintained;
  • contractual, regulatory and legislative requirements are met;
  • information is accessible to all employees and third parties according to business need and is protected against unauthorised access;
  • the premises are protected by suitable physical security and environmental controls, and where appropriate, access is restricted to authorised employees.

This policy provides a clear statement of BCRM's commitment to protect all information assets from threats internal and external, intentional or accidental.

An information security management system provides the framework for the implementation of this policy within BCRM and is supported by a comprehensive set of procedures. This system is regularly reviewed via a risk management process to ensure that all identified risks are covered.

This policy is issued, reviewed at least annually and maintained by the Information Security Manager, who also provides advice and guidance on its implementation and ensures compliance.

All BCRM employees shall comply with this policy.

Sian Watson

Managing Director

Dated: 1 August 2009