Doclan ISMS Policy Statement
Information is a fundamentally critical and valuable business asset for Doclan MDS. As such we recognise its security, accessibility and integrity are essential for our staff and customers to be able to carry out their work successfully. Our objective is to ensure that all information and information systems which are of value to Doclan MDS are adequately protected from all threats which could potentially disrupt or compromise them.
Our policies provide a framework for the management and security of Doclan MDS information assets from all threats, whether internal or external, deliberate or accidental, and cover all aspects of information security including physical security, from access to our site to data stored on computers, transmitted across networks, printed or written on paper, stored on disk, on fixed or removable drives.
Our assets are defined as an item or body of information, an information storage system, an information processing system or any related intellectual property; and that of third parties under our control.
Our policies have been compiled to establish a security framework with supporting documented procedures to protect against security threats and minimise the likelihood and impact of security incidents.
This policy statement applies to:
a) All those with access to Doclan MDS or customer systems
b) All information (data) made available to Doclan MDS pursuant to its operational activities
c) Principal information assets including the physical locations from which Doclan MDS operates.
Doclan MDS is committed to all aspects of this information security system and aims to continually improve our performance in information security, based on the international standard ISO 27001:2013.
Doclan MDS complies and will continue to comply with all legal and regulatory requirements affecting our handling of data and information. However, as Doclan is not a data controller but a data processor, Doclan MDS is registered with the ICO. Our suite of systems does, however, process data transparently (including deletion). This is to ensure that our customers are able to fully comply with all current Data Protection legislation.
Doclan MDS is directly responsible for implementing this policy and its supporting procedures within each business area, and for adherence by its staff. It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable if staff fail to abide by these requirements.
All staff will receive appropriate and sufficient information security training and guidance. All breaches of information security including unauthorised disclosure, actual or suspected, must be reported by staff to their direct report and/or a Doclan Director. All breaches of information security must be documented and investigated.
DOCLAN DIRECTOR DATE APRIL 2022