ISO 27001:2013 High Level Information Security Policy

Author: Danielle Johnsen (VP of Compliance)
Date: 5 April 2017
Version: 2.0

This document defines Digital Edge’s policy on Information Security and is based on the following principles.

  • Maintaining confidentiality, integrity and availability of information.
  • Handling information appropriately and according to its data classification.
  • Preventing disruption to the work of Digital Edge's infrastructure, Digital Edge's clients and their infrastructures that would lead to financial loss or loss of reputation for Digital Edge.
  • Ensuring business continuity and minimizing business damage by managing and minimizing the impact of information security incidents.

Version history:

Version   Date            Notes
1.0       March 27, 2017  Initial policy
2.0       April 5, 2017   Approved by ISO review board

Introduction

The confidentiality, integrity and availability of information are of great importance to the operation of Digital Edge and its executives. Failure in any of these areas can result in disruption to the services that Digital Edge provides, as well as loss in confidence in the Digital Edge team by current and potential clients. The security of our information and other assets is therefore regarded as fundamental to the successful operation of Digital Edge.

Scope

This policy covers the provision of Information Security for Help Desk, Support, Project Processing and Cloud Service Delivery Solutions to Commercial, Federal, Civilian, DoD and Intelligence Communities.

The selection of the risk reducing measures is documented in the Statement of Applicability (SOA) version 3.2 of 23 March 2017.

Policy Statements

These policy objectives are achieved through the implementation of our Information Security Policy, which includes security standards, procedures and guidelines developed in accordance with ISO 27001:2013. It is Digital Edge’s policy to:

  • safeguard the accuracy and completeness of information and processing methods;
  • ensure that authorized users have access to information and associated assets when required;
  • ensure that the information it manages is secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information;
  • define an information classification scheme describing classes and how information of a particular class should be managed (stored, accessed, transmitted, shared, and disposed of);
  • meet all information security requirements under appropriate regulations, legislation, organization policies and contractual obligations;
  • address the security of all of our services and processes to ensure that risks are identified, and appropriate controls are implemented and documented;
  • provide a secure working environment for staff and contractors at our sites;
  • produce business continuity and incident response plans for Digital Edge's strategic infrastructure and its services, which will be maintained and tested on a regular basis;
  • require all third parties working on our behalf to ensure that the confidentiality, integrity and availability requirements of all business systems are met;
  • promote this policy and raise awareness of information security throughout Digital Edge's staff;
  • provide appropriate information security training for our staff.

Responsibilities

Ultimate responsibility for the execution of this policy rests with the Chief Information Security Officer (CISO) of Digital Edge. The executives and heads of departments, assisted by the VP of Compliance, are responsible for the production and maintenance of Digital Edge's Security Policies, the controls that enforce those policies, and the provision of advice and guidance on their implementation and maintenance.

All breaches of information security will be reported according to Digital Edge's Information Security Policies and Procedures and investigated by appropriate staff according to the Incident Response Plan.
It is the responsibility of all staff to adhere to this policy.

Digital Edge reserves the right to inspect any data stored on Digital Edge's infrastructure or telecommunication systems, or transmitted or received via Digital Edge's networks, during the investigation of security incidents or when safeguarding against security threats.

Within this policy, the following individuals have the following responsibilities:

Responsibility                                                                                          Owner
Execution of this policy                                                                                CISO
Sponsor and Quality Assurance of this policy                                                            VP of Compliance
Production, maintenance and control of these policies                                                   VP of Compliance
Protection of Information Systems and assurance that security processes and controls have been carried out   VP of Operation Security
Initiation, coordination and investigation of potential breaches in policy                              VP of Compliance
Ensuring staff have an awareness of, and put appropriate controls in place to adhere to, the policies   VP of Operation Security
Provision of advice, guidance, training and support on information security                             CISO
Adherence to policy                                                                                     All staff

Review

This Information Security Policy will be reviewed annually, or updated as necessary, by the Compliance Team to ensure that it remains current in the light of relevant legislation, organizational procedures or contractual obligations. Changes will be agreed by the Digital Edge ISO Board, which will also provide authorization and quality assurance.
