Information Security Policy (Updated 14/05/2019)
EAZY COLLECT SERVICES LIMITED recognises that IT Services and information are valuable assets which are essential in supporting the company’s strategic objectives.
To support our goals we will operate, maintain and continuously improve information security in all areas. In order to achieve this we have adopted ISO 27001:2013 and have implemented a formal information security management system.
We have established top level objectives in order to monitor and measure the efficiency of our Information Security and these are regularly reviewed by our Board of Directors. ECS has both legal and moral obligations to protect the information in its care and recognises that effective information security management is critical to ensure the successful delivery of its products and services. The company is committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets.
Information security management is an ongoing cycle of activity aimed at continuous improvement in response to emerging and changing threats and vulnerabilities. It can be defined as the process of protecting information from unauthorised access, disclosure, modification or destruction and is vital for the protection of information and the ECS’s reputation.
A copy of the Information Security Policy Statement is made available to all interested parties via the company website. If an interested party requires further information pertaining to specific policies, or objectives then this shall be handled through the Information Security Officer.
ECS shall review Information Security policies for their efficacy and appropriateness in the following circumstances:
- Once a year.
- When services, policies or any activity performed by the company or applying to the company changes that significantly changes items identified within the Information Security Risk assessment.
- Following an Information Security Incident in order to identify and correct any failures in process, procedure or work instruction that may have led to the information security incident.