Information Security Policy

Purpose and scope

This document sets out the Information Security Policy for Forensic Analytics Ltd.

Target Audience

  • All Forensic Analytics’ staff including contractors

  • Stakeholders including external customers

  • All other interested parties

Definitions, Acronyms, and Abbreviations

ISMS – Information Security Management System

ISF – Information Security Forum

Responsibilities

The Chief Executive is responsible for the authorisation of the Information Security Policy for and on behalf of Forensic Analytics.

The Executive Sponsor, the Service Operations Director, is responsible for the further development and maintenance of the Information Security Management System.

All staff are responsible for reading and acknowledging this policy and ensuring they are aware of all associated ISMS documentation.

Information Security Policy

The Forensic Analytics Leadership team hereby commits its support to a formalised Information Security Management System (ISMS) relevant to the safeguarding of information collected, generated, or otherwise entrusted to the organisation. To support this commitment, Forensic Analytics has appointed an Executive Sponsor to be responsible for the further development and maintenance of the ISMS.

Operationally, the Executive Sponsor has formed an Information Security Forum (ISF) comprising the Enterprise Architect, Development Manager, Human Resources Manager, representatives from the Quality and Compliance team, and other interested parties as required, who are charged with the responsibility for developing a robust and effective Information Security strategy and maintaining the ISMS.

To further support the organisation’s ISMS and Information Security strategy, Forensic Analytics has committed additional investment for cybersecurity tools/monitoring, ICT infrastructure, and other resources including training for staff. Forensic Analytics is committed to complying with the requirements of the ISO 27001 framework and other applicable requirements including the Forensic Science Regulator’s statutory code of practice.

Forensic Analytics, like any other organisation, is exposed to potential threats which could damage its ability to provide the “confidentiality”, “integrity” and “availability” of assets and information. To address these threats Forensic Analytics will ensure there are management processes and controls in place to:

  • Protect information from unauthorised access and disclosure.

  • Protect confidentiality of data.

  • Preserve the integrity of data.

  • Preserve the availability of data and ensure information systems are available when required.

  • Ensure security is an integral part of information systems.

  • Improve information security.

To deliver these processes and controls Forensic Analytics maintains a comprehensive Information Security Management System (ISMS) and will ensure provision of:

  • Information security objectives to preserve the confidentiality, integrity, and availability of information.

  • A robust risk management process.

  • Appropriate physical security measures.

  • Information security awareness.

  • Prevention of data loss.

  • Measures to prevent, minimise and, as far as possible, reduce the risk of malware, system compromise, human-generated incidents, and unidentified devices on the internal networks.

  • Timely patch delivery.

Forensic Analytics is committed to the continual improvement of the ISMS and the maturing of its information security posture through risk management; data impact assessments; incident response; internal audit and system penetration testing; technical controls; information security policy; behavioural controls; information security awareness training; contractual agreements; performance evaluation; and other methods deemed necessary, the results of which are subject to periodic management review.

The Information Security Policy is communicated and applied at all levels within the organisation. It is made available upon request to investors, customers, external providers, and any other interested parties.

Forensic Analytics demonstrates the effectiveness of the QMS by conformance with certification to the international standard ISO 27001.

The Information Security Policy is authorised by Steve Rick, Chief Executive of Forensic Analytics. This policy is subject to regular review to ensure that it remains fit for purpose.

Qualio POL-2 V3.0

Name: Steve Rick

Role: Chief Executive