Integrated Management System Policy

Introduction

This policy defines how the Integrated Management System comprising the Information Security Management System (ISMS) and Business Continuity Management System (BCMS) will be set up, managed, measured, reported on and developed within OPTISWIFT Technologies Limited.

OPTISWIFT Technologies Limited is committed to providing a service according to clients' expectations, ensuring that we take into account all aspects of Information Security, Business Continuity and Service Management in delivering our services to our clients.

It is the policy of OPTISWIFT Limited Technologies to commit to and maintain an Integrated Management System designed to meet the requirements of ISO 27001:2022 and ISO 22301:2019 in pursuit of its primary objectives.

To drive continual improvement within the Integrated Management System, OPTISWIFT Limited Technologies has set objectives on an annual basis as part of the Management Review Process; these objectives ensure the system is appropriately monitored and measured. All objectives are communicated to all staff and include key responsibilities, timescales, and appropriate measures of success.

Policy Commitments

It is our policy to ensure that:

  • All information and systems will be protected against unauthorised access and disclosure.
  • Confidentiality of information will be maintained.
  • Integrity of information is protected from unauthorised modification.
  • Regulatory and legislative requirements will be met.
  • Business continuity plans will be maintained and tested (as far as practicable).
  • All suspected breaches of information security will be reported and investigated.
  • Adequate prevention and detection of malware is in place.
  • Information Security Policies are in place to ensure the safe practice of using our computer and information systems.
  • Quality products and services are always rendered to customers.
  • Customers' needs and expectations are met in line with the agreed service and requirements.
  • Competent external providers that meet all pre-qualification requirements are engaged.
  • Optimal internal business processes and customer satisfaction, delight, and retainership are achieved.
  • The effectiveness of the Service Management System and services is continually improved.

IMS Policy Statements

"OPTISWIFT Limited Technologies is committed to maintaining and improving its information security and business continuity processes by adopting an integrated management system based on industry standards. To meet and surpass the expectations of its stakeholders, comply with all relevant regulations and industry requirements."

This provides a framework for integration of the ISO 27001:2022 and ISO 22301:2019 standards.

Setting the IMS Objectives

The high-level objectives for the Integrated Management System within OPTISWIFT Limited Technologies are defined within the document IMS Context, Requirements and Scope. These are fundamental to the nature of the business and are not subject to frequent change.

These overall objectives will be used as guidance in the setting of lower level, more short-term objectives for planning within an annual cycle timed to coincide with organisational budget planning. This will ensure that adequate funding is obtained for the improvement activities identified. These objectives will be based upon a clear understanding of the overall business requirements and how they may change during the year.

Integrated Management objectives will be documented in the IMS Objectives and Management Plan for the relevant financial year, together with details of a plan for how they will be achieved. Once approved, this plan will be reviewed on a quarterly basis as part of the management review process, at which time the objectives will also be reviewed to ensure that they remain valid. If amendments are required, these will be managed through the organisational change management process.

Top Management Leadership and Commitment

Commitment to the Integrated Management System objectives extends to senior levels of the organisation and will be demonstrated through this IMS Policy and the provision of appropriate resources to provide and develop the IMS and associated controls.

Top management will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that quality objectives are being met and relevant issues are identified through the audit programme and management processes. Management review can take several forms including departmental and other management meetings.

Top Management Responsibilities

Top management shall have overall authority and responsibility for the implementation and management of the Integrated Management System, specifically:

  • The identification, documentation and fulfilment of the Integrated Management System Objectives.
  • Implementation, management, and improvement of risk management processes.
  • Integration of operational processes, procedures, and controls.
  • Compliance with statutory, regulatory, and contractual requirements.
  • Reporting to top management on performance and improvement.

Commitment to Satisfying Applicable Requirements

Commitment to the delivery of the Integrated Management System extends to senior levels of the organisation and will be demonstrated through this Integrated Management System Policy and the provision of appropriate resources to establish and develop the Integrated Management System.

Top management will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that Integrated Management System objectives are being met and information security and Business Continuity issues are identified through the audit programme and management processes. Management Review can take several forms including departmental and other management meetings. Within the field of Integrated Management System, there are several key roles that need to be undertaken to ensure the success of the IMS and protect the business from risk.

OPTISWIFT Limited Technologies Top Management is also committed to satisfying the following applicable requirements with regard to the IMS by:

  • Ensuring improvement of the information security management systems.
  • Providing necessary human, financial and technological resources to establish and develop information security management systems.
  • Providing direction and support for information security in accordance with business requirements and relevant laws and regulations.
  • Establishing a management framework to initiate and control the implementation and operation of information security within the organisation.
  • Ensuring that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
  • Ensuring that information receives an appropriate level of protection in accordance with its importance to the organisation.
  • Ensuring authorised user access and preventing unauthorised access to systems and services.
  • Making users accountable for safeguarding their authentication information.
  • Limiting access to information and information processing facilities.
  • Ensuring proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information in OPTISWIFT Limited Technologies.
  • Preventing unauthorised physical access, damage and interference to the organisation's information and information processing facilities.
  • Ensuring correct and secure operations of information processing facilities.
  • Ensuring the protection of information in networks and its supporting information processing facilities using technologies.
  • Ensuring that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks.
  • Ensuring operation of the service management system in the organisation.
  • Operating the IMS, ensuring coordination of the activities and the resources.
  • Ensuring control of parties involved in the service lifecycle.
  • Ensuring business relationship management and agreement between parties involved in the service lifecycle.
  • Budgeting and accounting for services or groups of services in accordance with its financial management policies and processes.
  • Ensuring effective release and deployment management in the organisation.
  • Ensuring proper incident and problem management within the organisation.
  • Ensuring regular conduct and treatment of risks to service availability.
  • Conducting business impact analysis and risk assessment.
  • Establishing business continuity strategies and solutions.
  • Establishing business continuity plans and procedures.
  • Conducting business continuity exercises and testing.
  • Ensuring business continuity evaluation.

Continual Improvement of the IMS

OPTISWIFT Limited Technologies policy regarding continual improvement is to:

  • Continually improve the effectiveness of the IMS.
  • Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001:2022 and ISO/IEC 22301:2019.
  • Achieve certification and maintain it on an on-going basis.
  • Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
  • Obtain ideas for improvement via regular meetings and other forms of communication with interested parties, including cloud service customers.
  • Review ideas for improvement at regular management meetings to prioritise and assess timescales and benefits.

Ideas for improvements may be obtained from any source including employees, customers, suppliers, IT staff, risk assessments and service reports.