Information Security Policy Statement GDPR, Security, Information Security Policy Statement Crystel
HRLocker recognizes that through the day-to-day operation of its business, we have an impact on our internal and external environment. Also, we ensure that due consideration is given to the potential impact that Information Security aspects may have on the operation of our core processes. As a result, HRLocker has established this Information Security Policy Statement, to communicate awareness and understanding of Information Security aspects throughout the business.
Information Security Leadership at HRLocker has appointed Phil Byrne of Mentor Consulting to develop and implement company initiatives to help us achieve our Information Security goals. Their role will also involve communicating HRLocker policies to all interested parties through the delivery of internal presentations and promoting awareness externally as appropriate. Information Security aspects are considered at our weekly management meetings.
While HRLocker ensures that all personnel consider process-related Information Security impacts, we also have identified the following aspects for attention;
1) HRLocker ensures that we meet relevant regulatory requirements and minimise any adverse Information Security effects caused as a result of our activities,
2) That we raise awareness, provide knowledge and support to employees on Information Security management,
3) Give training on the importance of protecting business and customer information throughout our business,
4) Promote an awareness of Information Security objectives,
5) Regularly review our Information Security practices and policy in accordance with the principles ISO 27001, to which we are certified
6) Establish performance objectives, targets and management programmes to achieve these.
Risk assessments are carried out with the main objective of all being to manage the Confidentiality, Integrity and Availability of company information and systems.
HRLocker has implemented an Internal Audit Programme to ensure that the ongoing suitability, conformity and continual improvement of the management system is assured. The management system has the full support of all interested parties. All operational and support processes are within the scope of the management system. All personnel participate in regular internal audits of the processes in which they are involved. The resulting document is audited externally as part of our certification for ISO 27001.