Information Security Policy Statement

HRLocker Information Security Policy Statement

HRLocker acknowledges that its day-to-day business operations have a significant impact on both the internal and external environments. Furthermore, we are committed to ensuring that Information Security is integrated into our core processes and that potential risks are carefully managed. To address this, HRLocker has established this Information Security Policy Statement to promote awareness and understanding of Information Security across the company.

Information Security Leadership

HRLocker has appointed Phil Byrne of Mentor Consulting to lead our Information Security initiatives. Phil's responsibilities include:

• Developing and implementing security strategies to achieve our Information Security objectives.
• Communicating HRLocker's policies to all relevant stakeholders through internal presentations and, when appropriate, externally promoting awareness of our Information Security practices.
• Attending weekly management meetings to ensure that Information Security aspects are considered in the company's decision-making processes.

Key Focus Areas for Information Security at HRLocker

1. Regulatory Compliance:

   • We ensure that HRLocker meets all relevant regulatory requirements and mitigates any potential adverse impacts related to Information Security that may arise from our operations.

2. Employee Knowledge and Support:

   • HRLocker provides support and raises awareness among employees regarding Information Security management. This includes providing the necessary tools and resources to handle Information Security matters effectively.

3. Training:

   • We offer training programs focused on the importance of safeguarding both business and customer information, reinforcing the need for Information Security across all levels of the business.

4. Awareness of Information Security Objectives:

   • Promoting a company-wide understanding of our Information Security objectives is key to ensuring that employees are aligned with our security goals.

5. Regular Policy Reviews:

   • Our Information Security practices and policies are reviewed regularly to ensure that they align with the principles of ISO 27001, the international standard for Information Security, to which HRLocker is certified.

6. Performance Objectives:

   • We establish clear Information Security objectives, targets, and management programs to help achieve these goals.

Risk Management and ISO 27001 Compliance

To ensure the Confidentiality, Integrity, and Availability of HRLocker's information and systems, risk assessments are regularly carried out. These assessments help identify potential vulnerabilities and guide the implementation of security measures to mitigate risks.

Internal Auditing and Continuous Improvement

HRLocker has implemented an Internal Audit Programme to ensure ongoing compliance, suitability, and continuous improvement of our Information Security Management System (ISMS).

• Regular internal audits involve all personnel, allowing employees to review and assess the processes they work within.
• HRLocker's ISMS is also audited externally as part of our certification to ISO 27001, ensuring that we adhere to global best practices in Information Security.

Commitment to Security

HRLocker is fully committed to upholding the principles of this Information Security Policy. Our management system receives the full support of all interested parties, and all operational and support processes fall within the scope of our ISMS. This ensures that we maintain the highest standards of Information Security across our organization.

By fostering a strong culture of Information Security, HRLocker ensures that our operations continue to meet the highest standards of confidentiality, integrity, and availability, benefiting both our business and our customers.