At Ocasta we understand the Information Security needs and expectations of interested parties both within the organisation and from external parties including clients, suppliers, regulatory and Governmental departments.
The Confidentiality, Integrity and Availability of information in Information Security Management are integral parts of the Company's management function, which views them as its primary responsibility and as fundamental to best business practice.
Our Information Security policy is aligned to the requirements of ISO/IEC 27001:2013; the Company is committed to:
- Always comply with all applicable laws, regulations and contractual obligations
- Implement Information Security Objectives that take into account information security requirements following the results of applicable risk assessments and external audits
- Communicate these Objectives and performance against them to all interested parties
- Keep the Information Security Management System up to date, comprising manuals, procedures and best practices which provide direction and guidance on information security matters relating to employees, customers, suppliers and other interested parties who come into contact with our work
- Work closely with Customers, Business partners and Suppliers in seeking to establish appropriate information security standards
- Adopt a forward-thinking approach on all business decisions, including the continual review of risk evaluation criteria, which may impact on Information Security
- Ensure necessary resources to better meet information security requirements
- Instruct all members of staff in the needs and responsibilities of Information Security Management
- Go above and beyond to meet all customer expectations
- Implement continual improvement initiatives such as risk assessments and mitigation strategies
The policy has been approved by Ocasta’s directors and is reviewed annually or sooner should a significant change occur in order to ensure its continuing suitability, awareness, adequacy and effectiveness.
Our security objectives include:
- System uptime of 99.5% or higher at all times
- Zero failures of our backup system
- Automated testing where appropriate
- 100% code review of all changes to codebases