1.1 IMS Policy
To underpin our quality of service objectives, Cloud Direct operates an Integrated Management System (IMS) embracing best practice IT industry standards. The IMS ensures that our services meet or exceed the expectations of our customers through security and service excellence.
The IMS is designed to meet the requirements of ISO 27001 and ISO 20000. These are independently assessed best practice international standards recognised throughout the IT industry. Cloud Direct is committed to the provision of high-quality IT services supported with integrated information security and IT service management systems.
The IMS provides an essential framework of performance reviews which enables us to ensure that continual improvement is a key process in all our business activities.
A copy of Cloud Direct's information security policy can be made available to interested parties upon request.
Cloud Direct is appraised by UKAS-accredited auditors, and our IMS management teams carry out regular internal audits. The Cloud Direct management team is fully committed to maintaining a smooth, efficient and effective IMS.
Key objectives of each system are as follows:
1.1.1 Information Security Management Policy
- We operate to industry-recognised best practice information security processes, within the framework of ISO 27001, to preserve the confidentiality, integrity and availability of information.
- We apply quality, local and industry standards that apply to Cloud Direct operations. The continual improvement of Cloud Direct's information security and supporting processes is a key discipline promoted across the business.
- We implement and follow an information control policy which includes compliance with regulations under the Data Protection Act (1998) to protect customer, partner, supplier, internal and personal employee information not in the public domain.
- We implement an information security risk assessment process that assesses the effect on business objectives that is likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats, vulnerabilities and controls currently implemented.
- We have implemented a business continuity plan to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters.
- We implement defined security controlled perimeters and access to controlled offices and facilities to prevent unauthorised access, damage and interference to business premises and information.
- Information security awareness guidance and training for all company employees is provided.
- We have implemented and adhere to a secure development policy.
- We have an IMS management team that supports the continuous review and improvement of the company IMS.
- We have implemented incident management and escalation procedures for reporting and investigation of security incidents for IMS management review and action.
- We fulfil all legal, regulatory and contractual obligations.
- We measure security non-conformances each month and trends are tracked for reporting purposes in order to monitor and minimise security risk levels.