Top Management at NunaBio understands the information security needs and expectations of its interested parties both within the organisation and from external parties including, amongst others, clients, suppliers, regulatory and Governmental departments.
The organisation has recognised that the disciplines of confidentiality, integrity, and availability of information in Information Security Management are integral parts of its management function and view these as their primary responsibility and fundamental to best business practice. To this end NunaBio has produced this Information Security Policy aligned to the requirements of ISO/IEC 27001 to ensure that we:
- Comply to all applicable laws, regulations and contractual obligations
- Implement Information security objectives that consider information security requirements following the results of applicable risk assessments
- Communicate these objectives and performance against them to all interested parties
- Adopt an Information security management system comprising a Security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers, and other interested parties who come into contact with its work
- Work closely with customers, business partners and suppliers in seeking to establish appropriate information security standards
- Adopt a forward-thinking approach on future business decisions, including the continual review of risk evaluation criteria, which may impact on information security
- Instruct all members of staff in the needs and responsibilities of information security management
- Constantly strive to meet, and where possible exceed customer expectations
- Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of management resources to better meet information security requirements
Responsibility for upholding this policy is company-wide under the authority of the Chief Executive Officer who encourages the personal commitment of all staff to address information security as part of their skills.
