Information & Data Security Policy | StrucView Platform
STRUCTURAL TECHNOLOGIES is committed to understanding and effectively managing risks related to Information and Data Security to provide greater certainty and confidence for our shareholders, employees, customers, suppliers and for the communities in which we operate.
It is the policy of STRUCTURAL TECHNOLOGIES to ensure:
- Information and data will be protected against unauthorised access
- Confidentiality of information and data will be maintained.
- Information and data will not be disclosed to unauthorised persons through deliberate or careless action.
- Integrity of information and data through protection from unauthorised modification.
- Availability of information and data to authorised users when needed.
- Information and data security training must be completed by all staff.
- All suspected breaches on information and data security will be reported and investigated.
Any individual dealing with information and data at STRUCTURAL TECHNOLOGIES, no matter what their status (e.g.; employee, contractor, or consultant), must comply with the information and data security practices and documents. This policy applies to all information and data, computer and network systems governed, owned by and/or administered by STRUCTURAL TECHNOLOGIES.
The objectives of these policies are to:
- Reduce the opportunity for mistakes and misunderstandings to occur when dealing with IT assets and information and data of STRUCTURAL TECHNOLOGIES.
- Educate staff to allow them to independently make informed decision with regards to the secure handling of IT assets, information and data which is owned by STRUCTURAL TECHNOLOGIES within the framework of the information security policies.
- Assist in the identification and investigation of fraudulent information security and data related activities and co-operate with relevant legal agencies.
- Defend IT assets, information and data that STRUCTURAL TECHNOLOGIES governs, owns, manages, maintains or controls which are both tangible and intangible and safeguard IT related records and documents that exist in all forms – paper and electronic.
- Comply with the needs of the Regulatory Authorities (internal or external) and relevant legislation.
The goals of information security management are to:
- Have information and data security controls in the framework of information security policies to provide a secure environment for the operation of the STRUCTURAL TECHNOLOGIES’ business.
- Identify through appropriate risk assessment, the value of information and data assets and to understand their vulnerabilities and the threats that may expose them to risk.
- Manage the risks to an acceptable level through the design, implementation and maintenance of appropriate information and data security processes and controls.
- Comply with legislation and industry best practices that apply to STRUCTURAL TECHNOLOGIES.
All personnel have a responsibility to report perceived and actual information relating to information and data security breaches and/ or IT incidents either to the STRUCTURAL TECHNOLOGIES managers.
Management and employees are responsible for embedding information and data security risk management in our core business activities, functions and processes. Information and Data Security Risk awareness and our tolerance for risk are key considerations in our decision making
This policy, together with the objectives and targets set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to the operations of STRUCTURAL TECHNOLOGIES.