It is the policy of the company to operate and maintain an Information Security Management System (ISMS) to the requirements of ISO 27001:2013. Our ISMS is an acknowledgement that information is a critical business asset and that protecting the confidentiality, integrity, and availability of information assets from all threats whether internal, external, deliberate or accidental is a business priority.

We will ensure we have implemented appropriate controls to secure our information assets, and thosewe are responsible for, using physical, procedural, staff and technical security measures.In addition, we will:

• Comply with all applicable laws,regulations, and contractual obligations
• Implement continual improvement initiatives, including risk assessment and risk treatment strategies
• Communicate Information Security objectives and review of performance in achieving these objectives, throughout the organisation and to interested parties
• Work closely with interested parties in preserving Information Security
• Complete Information Security Awareness Training with all staff
• Constantly strive to meet and where possible exceed customer’s expectations

Responsibility for upholding this policy is the responsibility of all staff with full support of the companymanagement.

We shall review, measure, and monitor our Information Security framework, documentation and implemented controls on an ongoing basis to ensure their relevance and effectiveness in protecting our information assets with the aim of continual improvement of our systems and performance.Formal review of the ISMS and objectives are completed annually and documented during Management Review.