This Information Security Management System (ISMS) is the means by which EBC Group (UK) Limited (the ‘Organisation’) satisfies the requirements of BS ISO/IEC 27001:2017 with regard to the Organisation’s overall business risks. It specifies the requirements for the implementation of security controls, customised to the needs of the Organisation or to specific parts thereof.
The Organisation is obliged to ensure that the controls contained in the ISO Manual are fully and completely understood by its employees, and that its procedures and control documentation are implemented and maintained at all times. All of the components of this ISMS are periodically and systematically reviewed by both internal and external audit procedures.
A nominated member of staff has been appointed by the Organisation’s Managing Director to be responsible for the control of all matters relating to the implementation, control and continuing audit of these procedures.
The implementation and continuing control of this Standard are fundamental to all work undertaken by the Organisation. The procedures established shall be adopted and practised by all employees at every level in the Organisation’s structure.
The Organisation has adopted the process approach for developing, implementing and improving the effectiveness of its ISMS.
The Organisation, in adopting the process approach, is committed to:
- Understanding business information security requirements and the need to establish policy and objectives for information security
- Implementing and operating controls in the context of managing the Organisation’s overall business risk
- Monitoring and reviewing the performance and effectiveness of the ISMS
- Continual improvement based on objective measures
- Communicating throughout the Organisation the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities
- Ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.