Information Security Management System Policy Statement
Maintel is a leading communications services company specialising in managing technology consolidation and delivering integrated solutions encompassing the inspection, connection, installation and maintenance of various telecommunications, mobile, wireless, document management, network, data equipment and systems.
All activities of Maintel covering the Marketing, Sales, Installation and Support of telecommunications, mobile, wireless, document management, network, data equipment and systems are covered by the Information Security Management System (ISMS) at all of the company locations.
Maintel consider Information Security aspects as a top priority for customer confidence, legal, regulatory and contractual compliance and the protection of the brand, and commit to ensuring all information is handled in a secure manner and to maintaining the ISMS to meet the requirements of ISO27001:2013, the Payment Card Industry Data Security Standard (PCI-DSS), the Health and Social Care Network (HSCN), CESG Assured Service (Telecoms) (CAS(T)) and Cyber Essentials Plus in pursuit of its primary objectives:
To ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In deploying the Maintel ISMS, the Management Team aim to maintain existing known risks at their current low level and ensure that new and changing risks are managed in an equally consistent and professional manner.
To protect both Maintel's and its Customers' physical and electronic information assets from all threats, both internal and external, deliberate or accidental, including those related to card holder data throughout the organisation. Protection of information is set out in terms of:
- Confidentiality: ensuring only persons who are authorised have access to information
- Integrity: ensuring the purity, accuracy and completeness of information
- Availability: ensuring information, associated assets, and systems can be accessed when required by authorised persons
- Regulatory: regarding regulations, laws and codes of practice in each country where it operates as a minimum standard in its information security management standard
In particular Maintel will:
- Ensure that Maintel management and employees comply with the requirements of the security policy and that confidentiality of information will be maintained
- Minimise the risk of damage to company assets, information, reputation, hardware, software or data
- Ensure that Maintel people and computer systems do not infringe any copyright, licensing or laws
- Set out clearly the company’s policies relating to all aspects of the management of information, hardware, firmware, software and prevention and detection of malware
- Define a systematic approach to risk assessment by identifying a method that is suited to the ISMS, the identified business information security, legal and regulatory requirements and setting policy and objectives for the ISMS to reduce risks to acceptable levels
- Maintain and test business continuity plans (as far as practicable)
- Provide appropriate training for all employees
- Maintain the ISMS through a schedule of internal audits carried out by competent internal auditors
The Head of Information Security has direct responsibility for maintaining the Security Policy and providing advice and guidance on its implementation.
All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff.
It is the responsibility of each member of staff to adhere to the Security Policy. Failure to do so may result in disciplinary action.
The overall responsibility for ensuring that the Policy is implemented, developed and reviewed effectively rests with the Chief Executive Officer. This responsibility will be delegated throughout the management structure reflecting our continued commitment to Security at all levels throughout Maintel.
This statement represents our general position on Information Security issues, and the policies and practices we will apply in conducting our business.