All information concerning individuals including employees, third party users and clients are covered in the scope of this policy.
3. POLICY STATEMENT
3.1. ISG is committed to compliance with all relevant data protection policies.
3.2. Personal data is classified as refer to classification levels in Data Classification Policy.
3.3. The policy applies to all personal data held by the company, including on wireless notebook computers, personal digital assistants and mobile telephones.
3.4. All Employees/Staff will be provided training to ensure that they understand ISG’s policies and procedures to implement them.
3.5. The disciplinary process will be invoked in circumstances where this policy may have been transgressed.
4. VIOLATION OF POLICY
All employees are obligated to report all violations of policy to the Chief Information Security Officer or ISO immediately. The Chief Information Security Officer must approve any exceptions to this policy in advance.
Failure to comply with these policies may result in:
a. Withdrawal, without notice, of access to information and/or information resources.
b. Disciplinary action, up to and including termination.
c. Civil or criminal penalties as provided by law.
6. DOCUMENT OWNER AND APPROVAL
The Chief Information Security Officer (CISO) is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the review requirements stated above. A current version of this document is available to all members of staff on the corporate intranet (Empower).
This policy refers to the section 18.1.4 and 18.1.5 of the ISO/IEC 27001 standard.