Information Security Management System (ISMS) Policy
It is the policy of HeadBox to maintain an information management system designed to meet the requirements of ISO 27001 in pursuit of its primary objectives including the purpose and the context of the organisation.
It is the policy of HeadBox to:
- make the details of our policy known to all other interested parties, including external parties where appropriate, and determine the need for communication, and by what methods, relevant to the Information Security Management System;
- comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfying applicable requirements related to information security and to the continual improvement of the ISMS;
- provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met;
- ensure that all employees are made aware of their individual obligations in respect of this information security policy;
- maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.
This ISMS policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.
To ensure the company maintains its awareness for continuous improvement, the information security management system is regularly reviewed by “Top Management” to ensure it remains appropriate and suitable to our business. The Information Security Management System is subject to both internal and external annual audits.
Top Management at HeadBox, and their responsibilities, consist of:
- Chief Executive Officer - Senior stakeholder and responsible owner for ISO
- Chief Financial Officer - Lead for legislative and regulatory owner and Lead for external communications
- Chief Technology Officer - Lead for continuous improvement
- Chief Technology Officer - Lead for information security
- Chief Operating Officer - Lead for internal communications
- Chief Operating Officer - Lead for external communications
- Data Protection Officer (DPO) - Lead for data privacy and ISMS audit lead
Scope of the Policy
The scope of this policy relates to use of the database and computer systems operated by the company in pursuit of the company’s business of providing an online marketplace for inspiring meeting, offsite and event space bookings to consumers, small to medium businesses and the enterprise. It also relates, where appropriate, to external risk sources, including functions which are outsourced.