Information Security Policy

The Board of Directors and management of Absolute Networks, located at Friar Gate Studios, Ford Street, Derby, which operates in the business sector in the business of IT services, are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organisation in order to preserve its competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance and commercial image. Information and information security requirements will continue to be aligned with Absolute Networks’ goals and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations and for reducing information-related risks to acceptable levels.

Absolute Networks’ current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an ISMS. The Risk Register and Statement of Applicability identify how information-related risks are controlled. Head of Risk is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are supported by specific documented policies and procedures.

Absolute Networks aims to achieve specific, defined information security objectives, which are developed in accordance with the business objectives, the context of the organisation, the results of risk assessments and the risk register.

All Employees/Staff of Absolute Networks are expected to comply with this policy and with the ISMS that implements this policy. All Employees/Staff and certain external parties, will receive or be required to provide appropriate training. The consequences of breaching the information security policy are set out in the disciplinary policy and in contracts and agreements with third parties.

The ISMS is subject to continuous, systematic review and improvement.

Absolute Networks is committed to achieving certification of its ISMS to ISO27001:2013 and compliance with the GDPR.

This policy will be reviewed to respond to any changes in risk assessments or risk register and at least annually.