INTERNATIONAL SOS. Information Security Policy. Version 1.02



Similar documents
INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

Letter from the Chief Executive Officer and Chairman and the Group Medical Director

Guideline for Roles & Responsibilities in Information Asset Management

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter

Legislative Language

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION

ISO COMPLIANCE WITH OBSERVEIT

Data Processing Agreement for Oracle Cloud Services

Key Considerations for Information Technology Governance. 900 Monroe NW Grand Rapids, MI (616)

Areas of Compliance. Compliance. What Are the Compliance Plan Objectives? Plan Relevance. The Plan Formalizes the Objectives. Compliance Plan Benefits

Wright State University Information Security

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Office 365 Data Processing Agreement with Model Clauses

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

INFORMATION TECHNOLOGY SECURITY STANDARDS

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Privacy Statement. What Personal Information We Collect. Australia

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

PBGC Information Security Policy

Surveillance Equipment

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection

Information Security Management System Policy

Terms and Conditions- OnAER Remote Monitoring Service

INFORMATION SECURITY POLICY

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

CPA Global North America LLC SAFE HARBOR PRIVACY POLICY. Introduction

Human Resources Policy No. HR46

BEST PRACTICES IN MARKETING DATA GOVERNANCE

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

COLLINS CONSULTING, Inc.

Canadian Air Transport Security Authority

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

Australian Ethical Investment Limited and Australian Ethical Superannuation Pty Ltd. Code of Conduct

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania

ISO Controls and Objectives

INFORMATION GOVERNANCE POLICY

EA-ISP-001 Information Security Policy

PROTECTION OF PERSONAL INFORMATION

Macarthur Minerals Limited CODE OF CONDUCT. February 2012

Puerto Rican Family Institute, Inc.

Information Governance Policy

Information Security Management System Information Security Policy

Client information note Assessment process Management systems service outline

Ulster University Standard Cover Sheet

INFORMATION SECURITY MANAGEMENT POLICY

The supplier shall have appropriate policies and procedures in place to ensure compliance with

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

NHS Business Services Authority Information Security Policy

University of Sunderland Business Assurance Information Security Policy

Identity Theft Prevention Policy

Security Control Standard

CATSA Screening Contractor Management System Standard (2015)

The potential legal consequences of a personal data breach

HIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)

DRUG AND ALCOHOL POLICY AND PROGRAM

Information Security Policy

Access Control Policy

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

Information Security Program

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

APHIS INTERNET USE AND SECURITY POLICY

Need to protect your information? Take action with BSI s ISO/IEC

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

Document Control. Version Control. Sunbeam House Services Policy Document. Data Breach Management Policy. Effective Date: 01 October 2014

Network Security: Policies and Guidelines for Effective Network Management

HIPAA BUSINESS ASSOCIATE AGREEMENT

Windows Least Privilege Management and Beyond

Information security policy

Information Governance Framework and Strategy. November 2014

3Degrees Group, Inc. Privacy Policy

Security Certification & Accreditation of Federal Information Systems A Tutorial

TELEFÓNICA UK LTD. Introduction to Security Policy

Data Protection Breach Management Policy

Vanderbilt University

Transcription:

INTERNATIONAL SOS Information Security Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: October 2009 Revised: 2015 All copyright in these materials are reserved to AEA International Holdings Pte. Ltd. No text contained in these materials may be reproduced, duplicated or copied by any means or in any form, in whole or in part, without the prior written permission of AEA International Holdings Pte. Ltd. The only controlled copy of this document is maintained electronically. If this document is printed, the printed version is an uncontrolled copy.

TABLE OF CONTENTS 1. INTRODUCTION... 3 2. THE POLICY... 3 2.1. Information Security Policy... 3 2.2. Organizational Security... 3 2.3. Human Resource Security... 3 2.4. Systems Development and Maintenance Cycle... 3 2.5. Access Control... 4 2.6. Business Continuity Management... 4 2.7. Information Security Incident Reporting... 4 2.8. Compliance... 4 3. RESPONSIBILITY... 4 4. ENFORCEMENTOF THIS POLICY... 5 Page 2 of 5

1. INTRODUCTION 1.1. Information Security is a priority at International SOS. We devote significant resources to ensure the confidentiality, integrity and availability of our data. International SOS is committed to continuously evaluating and improving our Policies, standards, processes and information systems in supporting business and customer services, in contributing to operational and strategic business decisions, and in conforming to legal and statutory requirements. 2. THE POLICY To achieve these information security objectives, we adopt industry standards and best practices in each of the following control domains: 2.1. Information Security Policy 2.1.1. We have adopted an Information Security Policy and Standards that are aligned with ISO/IEC 27002. These are constantly being reviewed and updated by the Information Security Management Sub-Committee (ISMC). The ISMC is responsible for developing the information security framework and enforcing the Information Security Policy across the International SOS Group. The International SOS Data Protection Steering Committee provides business input into the development of the information assurance strategy, and oversees the work of the ISMC. 2.2. Organizational Security 2.2.1. The protection of information assets is the responsibility of every employee at International SOS. To ensure that the information security objectives are achievable and the Information Security Policy is complied with, we have created an Organizational Security structure with the mission to plan, manage and implement effective information protection controls. 2.3. Human Resource Security 2.3.1. Our Human Resource Security controls also include background checks and security clearances that are required for specific positions, to ensure that staff who have access to sensitive information have been appropriately vetted. 2.4. Systems Development and Maintenance Cycle 2.4.1. Information systems changes follow a stringent change and release control process that includes user testing and acceptance and quality acceptance, prior to implementation. Controls such as risk assessments, development checklists and secure coding are incorporated in the Systems Development and Maintenance Cycle to ensure that security is properly addressed in the information systems that we develop. Page 3 of 5

2.5. Access Control 2.5.1. Sensitive information is restricted on a least-privilege basis, with access controlled based on the business requirements. This approach aims to reduce the risks associated with misuse, including: alteration, destruction and unauthorized dissemination of information. 2.6. Business Continuity Management 2.6.1. Our Business Continuity Management involves the assessment of a variety of risks to organizational processes and the creation of standards, procedures and processes and plans to minimize the impact those risks might have on the organization and our customers if they occur. 2.7. Information Security Incident Reporting 2.7.1. We have put in place an Information Security Incident Reporting process that tracks and monitors incidents. The information security team investigates and leads the follow up actions within twenty-four hours of all Priority 1 incidents. All material incidents are also reported and reviewed by the Information Security Management Committee on a monthly basis. 2.8. Compliance 2.8.1. Our employees are bound by laws and regulations to protect personal data in the countries in which we do business and in which we gather, store and transfer personal data. We have implemented an enforcement plan to assure the effectiveness of our Data Protection Policy. We strive to ensure Compliance with the law and with industry standards such as the Data Protection Safe Harbor Principles in the United States and the Data Protection Binding Corporate Rules regime in the European Union. The Data Protection Policy can be found at http://www.internationalsos.com/en/files/policy_dataprotection.pdf. 3. RESPONSIBILITY 3.1. All employees and contractors are required to read, understand and abide by International SOS s data protection and information security requirements. Employees are required to sign an Information Security Policy statement and a confidentiality agreement. Standard form agreements with contractors contain obligations with regard to data protection and confidentiality. Page 4 of 5

4. ENFORCEMENTOF THIS POLICY 4.1. Breaches of this Policy may have serious legal and reputation repercussions and could cause serious damage to Intl.SOS. Consequently, breaches can potentially lead to disciplinary action. 2015 All copyright in these materials are reserved to AEA International Holdings Pte. Ltd. No text contained in these materials may be reproduced, duplicated or copied by any means or in any form, in whole or in part, without the prior written permission of AEA International Holdings Pte. Ltd. Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information