At 8build we recognise that information is fundamental to our effective operation and, along with our employees, is our most important business asset. Whatever form the information takes, or the means by which it is stored or transmitted, we are committed to protecting business critical information as well as that of our clients, employees, contractors and visitors.
The purpose of this policy is to protect our information assets from all threats, whether internal, external, deliberate or accidental, and ensure that information and vital services are available to users when they need them. It also provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets. It is 8build’s policy to use all reasonably practicable measures to ensure that:
- Information is protected against unauthorised access
- Confidentiality of information is assured
- Integrity of information is maintained
- Requirements for availability of information and information systems are met
- Business continuity plans are produced, maintained and tested
- Regulatory, legislative and other applicable requirements related to information security are met
In order to deliver these responsibilities, 8build undertakes to:
- Ensure the availability, confidentiality and integrity of our information
- Ensure full compliance with our obligations in respect to information security legislation, regulations, codes of practice and other requirements associated with 8build operations
- Set measurable information security objectives and targets to provide 8build with a framework for measuring and monitoring performance as well as the continual improvement of the Information Security Management System
- Provide resources, including equipment, training and competent staff and any other requirements to enable these objectives to be met
- Make the details of our policy available to interested parties, upon request, and ensure it is communicated- and adhered to by all employees, temporary staff, contractors and visitors who enter any of our offices or worksites
- Ensure information security risk management systems are used to identify and assess the risks which may arise due to loss, misuse, theft or corruption of our information assets and implement controls, including policies, processes, procedures, software and hardware to limit exposure to identified issues. Controls are commensurate with the risks faced by 8build.
- Continually monitor, review and improve controls to ensure that specific security and business objectives are met
- Ensure business continuity, and minimise business damage by preventing and minimising the impact of security incidents
- Regularly review this policy so that it is always relevant to our business activities
Our approach to managing information security is set out in a series of detailed policies, procedure and processes and provide the mandatory controls for the protection and governance of information within 8build.
Our Information Security Policy and management system complies with the requirements of ISO 27001:2022 as well as relevant statutory and regulatory requirements.
For and on behalf of 8build
Paul Norman, Board Director