ISO 27001 – Information Security

Genus / ISO 27001 – Information Security

ISO 27001:2013

At Genus we take our data security responsibilities seriously, many of our core clients operate within the financial, defence, healthcare and government spaces. Information security and data protection is an integral part of what we do. Achieving and maintaining the ISO 27001 certification is an extensive process. It is a testament to the integrity of our security controls and gives our clients confidence that we can be trusted with their data, especially when handling and managing sensitive information.

ISO 27001 certification is a significant differentiator for Genus and really completes our mission and vision of being an authority in imaging technologies.

Information Security Policy

It is the policy of Genus to establish, maintain and improve an Information Security Management System (ISMS) that complies with the ISO 27001:2013 standard. The ISMS will guarantee the confidentiality, integrity and availability of information of our stakeholders.

Our Information Security Management System is an ongoing cycle of activities, aimed at meeting demands from stakeholders that are related to information security, in an efficient and reliable manner.

All individuals are responsible for ensuring that the tasks they complete, or are responsible for, follow the documented policies, processes, procedures and standards.

Specific objectives are decided at our management review meetings where targets are set and performance reviewed.

Genus has developed this Information Security Policy to:

Provide direction and support for information security in accordance with business requirements, regulations and legal requirements
State the responsibilities of staff and any other individual or organisation having access to Genus information assets
Establish controls for protecting Genus and customer’s information and information systems against theft, abuse and other forms of harm and loss
State management intent to support the goals and principles of security in line with business strategy and objectives
Provide a framework by which the confidentiality, integrity and availability of information assets can be maintained
Optimise the management of risks, by preventing and minimising the impact of Information Security incidents
Ensure that all breaches of information security are reported, investigated and appropriate action taken where required
Ensure that supporting ISMS policies and procedures are regularly reviewed and continual improvement is maintained to ensure progressive good working practices and procedures
Ensure information security requirements are regularly communicated to all relevant parties
Motivate employees to maintain the responsibility for, ownership of and knowledge about information security, in order to minimise the risk of security incidents

This policy is communicated to all staff as per our Staff Induction Procedure and a copy is provided within the Employee Handbook. Customers and Suppliers are notified by our website and by direct communication where necessary.

A copy of this policy is made available to all stakeholders upon request.