Widget Works conforms to the ISO 27001:2022 standard which is reflected in its Information Security Policy. As part of the standard, Widget Works is implementing an Information Security Management System (ISMS), which is a formal system to protect the confidentiality, integrity, and availability of information.
Widget Works is committed to establishing, upholding, and continually maturing its ISMS to comply with applicable legal and regulatory obligations to which it subscribes, and to satisfy the expectations of interested parties.
Widget Works’ management is committed to providing continuous support to achieve its ISMS objectives through the implementation of robust security measures, regular assessments and relevant information security policies, procedures, and controls, ensuring the protection of information assets and ongoing trust of its valued stakeholders. This is achieved by:
- Addressing availability requirements for Widget Works’ information and information systems.
- Protecting data from unauthorised access, modification, or loss.
- Implementing controls to ensure the confidentiality and integrity of information.
- Complying with all relevant statutory and regulatory requirements.
- Investigating and reporting all breaches of information security (actual or suspected), where mandated.
- Developing, maintaining, and testing business continuity plans to counteract interruptions to business activities and protect critical business systems from the effects of major information failures or disasters.
- Providing information security education, awareness, and training to all Widget Works personnel.
- Conducting independent assessments to proactively manage information security risks and implement security controls to mitigate risks identified.
- Ensuring all employees and contractors are aware of, understand, and adhere to the policies and procedures of Widget Works’ ISMS.
This Information Security Policy Statement is available to all staff and to any interested parties, as evidence of Widget Works’ commitment to information security.