Legal Information

Information Security Policy

1.1 IMS Policy

To underpin our quality of service objectives, Cloud Direct operates an Integrated Management System (IMS) embracing best practice IT industry standards. The IMS ensures that our services meet or exceed the expectations of our customers through security and service excellence.

The IMS is designed to meet the requirements of ISO 27001 and ISO 20000. These are independently assessed best-practice international standards recognised throughout the IT industry. Cloud Direct is committed to the provision of high-quality IT services supported by integrated information security and IT service management systems.

The IMS provides an essential framework of performance reviews which enables us to ensure that continual improvement is a key process in all our business activities.

A copy of Cloud Direct's information security policy can be made available to interested parties upon request.

Cloud Direct is appraised by UKAS accredited auditors and our IMS management teams carry out regular internal audits. The Cloud Direct management team is fully committed to maintaining a smooth, efficient and effective IMS.

Key objectives of each system are as follows:

1.1.1 Information Security Management Policy

  • We operate to industry-recognised best practice information security processes, within the framework of ISO 27001, to preserve the confidentiality, integrity and availability of information.
  • We apply quality, local and industry standards that apply to Cloud Direct operations. This includes assessment of Microsoft best practice guidance for physical, network, server and data security. Appropriate tools and techniques will be implemented to meet internal, Microsoft, and customer solution requirements.
  • The continual improvement of Cloud Direct’s information security and supporting processes is a key discipline promoted across the business.
  • We implement and follow an information control policy which includes compliance with regulations under the Data Protection Act (2018) to protect customer, partner, supplier, internal and personal employee information not in the public domain.
  • We implement an information security risk assessment process that assesses the effect on business objectives that are likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats, vulnerabilities and controls currently implemented.
  • We have implemented a business continuity plan to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters.
  • We implement defined security-controlled perimeters and access to controlled offices and facilities to prevent unauthorised access, damage and interference to business premises and information.
  • Information security awareness guidance and training for all company employees is provided.
  • We have implemented and adhere to a secure development policy.
  • We have an IMS management team that supports the continuous review and improvement of the company IMS.
  • We have implemented incident management and escalation procedures for reporting and investigation of security incidents for IMS management review and action.
  • We fulfil all legal, regulatory and contractual obligations.
  • We measure security non-conformances each month and trends are tracked for reporting purposes in order to monitor and minimise security risk levels.

1.1.2 Service Management Policy

  • We plan and engineer our delivery processes around the industry-recognised ITIL and ISO 20000 standards ensuring that we deliver to the highest standards of IT Service Management.
  • We have an IMS management team with clear accountability that supports the continuous review and improvement of the company IMS.
  • We apply quality, local and industry standards that apply to Cloud Direct operations. The continual improvement of Cloud Direct IT service management and supporting processes is a key discipline promoted across the business.
  • We operate to our documented policies, procedures and processes where applicable.
  • We apply measurements to our IT service delivery which drive desired behaviour.
  • We assess and actively manage risks to the service delivery process.
  • We manage new services and changes to existing services and configuration items in a controlled manner, having assessed the likely impact of a new or changed service and thereby adopting an appropriate approach to change and release management.
  • We have developed and implemented a business continuity plan to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters thereby controlling the potential impact on customers.
  • We have close working relationships with key suppliers and vendors to ensure service requirements are met with high quality, available systems and responsive issue resolution. Governance of the processes involved in service delivery is clearly defined.
  • We aim to achieve customer satisfaction through meeting customer expectations of our service and we invite regular customer feedback on delivered services.
  • We fulfil all legal, regulatory and contractual obligations.