Tango Brook Logo

INFORMATION SECURITY MANAGEMENT SYSTEM POLICY STATEMENT

1. INTRODUCTION

This policy statement defines how the Information Security Management System will be set up, managed, measured, reported on and developed within Tango Brook Technologies Limited.

Tango Brook Technologies Limited is committed to providing a service according to client’s expectations, ensuring that we take all aspects of Information Security Management in delivering our services to our clients.

Tango Brook Technologies Limited’s policy is to commit to and maintain an Information Security Management System designed to meet the requirements of ISO27001:2022 in pursuit of its primary objectives.

To drive continual improvement within the Information Security Management System, Tango Brook Technologies Limited has set objectives on an annual basis as part of the Management Review Process; these objectives ensure the system is appropriately monitored and measured. All objectives are communicated to all staff and include key responsibilities, timescales, and appropriate measures of success.

It is our Policy to ensure that:

  1. All information and systems will be protected against unauthorised access and disclosure.
  2. Confidentiality of information will be maintained.
  3. Integrity of information is protected from unauthorised modification.
  4. Regulatory and legislative requirements will be met.
  5. All suspected breaches of information security will be reported and investigated.
  6. Adequate prevention and detection of malware is in place.
  7. Information Security Policies are in place to ensure the safe use of our computer and information systems.
  8. Competent external providers that meet all pre-qualification requirements are engaged.
  9. Optimal internal business processes and customer satisfaction, delight, and retainership.

2. ISMS POLICY STATEMENT

“Tango is committed to upholding and enhancing information security operations by implementing an information security management system to meet and exceed the expectations of its stakeholders by complying with all applicable regulations and guidelines.”

3. TOP MANAGEMENT LEADERSHIP AND COMMITMENT

Commitment to the Information Security Management System Objectives extends to senior levels of the organization. It will be demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls.

Top management will also ensure that a systematic review of the programme’s performance is conducted regularly to ensure that quality objectives are being met and relevant issues are identified through the audit programme and management processes. Management review can take several forms, including departmental and other management meetings. The Top management shall have overall authority and responsibility for the implementation and management of the Information Security Management System, specifically:

  1. The identification, documentation, and fulfilment of the Information Security Management System Objectives.
  2. Implementation, management, and improvement of risk management processes
  3. Integration of operational processes, procedures, and controls
  4. Compliance with statutory, regulatory, and contractual requirements

4. COMMITMENT TO SATISFYING APPLICABLE REQUIREMENTS

Commitment to the delivery of the Information Security Management System extends to senior levels of the organisation. It will be demonstrated through this Information Security Management System Policy and the provision of appropriate resources to establish and develop the Information Security Management System.

Top management will also ensure that a systematic review of the programme’s performance is conducted regularly to ensure that Information Security Management System objectives are being met and information security issues are identified through the audit programme and management processes. Management Review can take several forms, including departmental and other management meetings.

Within the field of Information Security Management Systems, several key roles need to be undertaken to ensure the success of the ISMS and protect the business from risk.

Tango Top Management is also committed to satisfying the following applicable requirements concerning the ISMS:

  1. Ensuring improvement of the information security management systems.
  2. Providing necessary human, financial and technological resources to establish and develop an information security management system.
  3. Providing direction and support for information security following business requirements and relevant laws and regulations.
  4. Establishing a management framework to initiate and control the implementation and operation of information security within the organisation.
  5. Ensuring that employees and contractors understand their responsibilities and are suitable for their considered roles.
  6. Ensuring that information receives appropriate protection by its importance to the organisation.
  7. Ensuring authorised user access and preventing unauthorised access to systems and services.
  8. Making users accountable for safeguarding their authentication information.
  9. Limiting access to information and information processing facilities.
  10. Preventing unauthorised physical access, damage and interference to the organisation’s information and information processing facilities.
  11. Ensuring correct and secure operations of information processing facilities.
  12. Ensuring the protection of information in networks and its supporting information processing facilities using technologies.
  13. Ensure that information security is integral to information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks.
Information Security Management System | Tango Brook Technologies | Tango Brook Technologies