Purpose
The purpose of this policy is to provide a statement of intent with regards to the implementation of Information Security management in Funds-Axis. The aim of the information security policy is to preserve:
- Confidentiality: information is not made available or disclosed to unauthorised individuals, entities or processes;
- Integrity: the accuracy and completeness of information is safeguarded;
- Availability: information is accessible and usable upon demand by an authorised entity;
The Information Security Management System will be established against the requirements of ISO27001:2013 and will be used to identify, assess and control the risks associated with information security. The overall objective is to continually improve the information security controls within the Organization.
Whilst Senior Management retain overall responsibility for information security, all employees are responsible for ensuring that best practice is implemented at all times and for complying with the requirements of the Information Security Management System.
This policy will be subject to regular reviews in order to ensure that it continues to reflect the requirements of the Organisation.
Policy
Funds-Axis are a RegTECH (Regulatory Technology) company, with a unique combination of regulatory expertise and best-of-breed technology. We take the complex challenges with risk, compliance and regulatory reporting and are making them very simple.
Funds-Axis are committed to meeting the requirements and expectations of our clients, ISO 27001:2013 standard and any statutory or regulatory requirements, which bear on our products and services.
This will be achieved by securing and retaining clients and actively monitoring their satisfaction, whilst developing our people and services to satisfy their needs. We will sustain this by continually improving the effectiveness of our Integrated Information Security Management System (ISMS).
Funds-Axis commits to:
- Establish Information security objectives and regularly monitor progress against them to ensure we meet the needs of our clients, employees and others affected by our work
- Maintain the ISMS and controls in compliance with ISO 27001:2013
- Continually review the effectiveness of our ISMS through regular management review to ensure at all times we operate to the highest standards of client and regulatory requirements
- Develop and continually improve all our business processes
- Invest in the necessary education, awareness and training to develop the expertise and competences of all our employees
- Constantly strive to foster a culture that encourages and rewards employees to give their commitment to achieving our objectives and driving excellence in our business
- Maintain effective communication systems to ensure that all those working on our behalf are aware of the Information security policy and understand the contribution they make to information security performance and improvement.
Our Information security policy is made available to all staff at induction and is available to customers and other interested parties upon request.