Security policy

Introduction

In order to optimise the processes and the quality of the organisation's output, ONEtobeONE's business operations must be properly safeguarded and optimised. To achieve this, ONEtobeONE has set up and implemented a management system in accordance with the requirements of ISO 27001. Satisfying the expectations of customers and relevant stakeholders and continuously improving the internal organisation is central to this.

A combination of risk inventories, internal project evaluations, laws and regulations compliance checks and internal audits helps to identify possible improvements within the processes of our organisation. By analysing information and implementing improvements based on it, we build a learning organisation in which continuous improvement is central.

The ONEtobeONE Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. This document states the Information Security objectives and the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure:

  1. Confidentiality, i.e. protection against unauthorised disclosure
  1. Integrity, i.e. protection against unauthorised or accidental modification
  1. Availability, as and when required in pursuance of ONEtobeONE's business objectives.

Responsibilities

  1. The management has approved this Information Security Policy.
  1. Overall responsibility for Information Security rests with the Security officer.
  1. Day-to-day responsibility for procedural matters, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation, management reporting etc. rests with the Security officer.
  1. Day-to-day responsibility and liaison with external organisations for legal compliance, including data protection, rests with the Security officer.
  1. All employees or agents acting on ONEtobeONE's behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay.
  1. The Security officer is responsible for implementing this Security Policy and for maintaining the related documents within this Management System.
  1. As with other considerations including Quality, Environmental and Health and Safety, Information Security aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by the Organisation.
  1. The Organisation's employees are advised and trained on the specific aspects of Information Security, according to the requirements of the Organisation. A confidentiality clause is signed by all members of staff as part of their conditions of contract.
  1. Adherence to Information Security procedures as set out in ONEtobeONE's policies and guideline documents is accepted as being part of the standard operating procedures within the Organisation. Failure to comply will result in disciplinary action being taken.
  1. In view of ONEtobeONE's position as a trusted provider of global threat intelligence, hunting and response technology, particular care is taken in all procedures and by all employees to safeguard the information security and data transfers of its clients.
  1. All statutory and regulatory requirements are met and regularly monitored for changes.
  1. A Disaster Recovery/Business Continuity Plan is in place. This is maintained, tested and subjected to regular review.
  1. This Information Security Policy is regularly reviewed and may be amended by the Security officer in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Information Security Systems.