Qore recognizes at senior levels the need to ensure that its business operates smoothly in the face of security breaches and unwanted events for the benefit of its customers, shareholders, and other stakeholders. To provide such a level of confidentiality, integrity and availability of information, Qore has implemented an Information Security Management System (ISMS) and integrated it with existing management systems in line with the International Standard for Information Security, ISO 27001. Through the operation of this ISMS, Qore is committed to:
Setting Information Security Objectives
- Defining a framework for setting high-level objectives for information security that are fundamental to the nature of the business.
- Ensuring that defined ISMS objectives guide the setting of lower level, more short-term objectives for information security planning within an annual cycle timed to coincide with organizational budget planning.
- Ensuring that adequate funding is obtained for the improvement activities identified within the ISMS.
- Ensuring that Information Security objectives are documented in the Integrated Management System Plan for the relevant financial year, together with details of a plan for how they will be achieved.
- Ensuring that the Integrated Management System Plan is reviewed on a quarterly basis as part of the management review process, at which time the objectives will also be reviewed to ensure that they remain valid. If amendments are required, these will be managed through the change management process.
Top Management Leadership and Commitment
- Qore’s commitment to the Information Security Management systems extends to senior levels of the organization and will be demonstrated through this Information Security Policy and the provision of appropriate resources to provide and develop the Information Security Management Systems and associated controls.
- Qore top management will also ensure that a systematic review of the performance of the programme is conducted on a regular basis to ensure that objectives are being met and issues are identified through the audit programme and management review processes.
Roles and Responsibilities
- Qore management has appointed ISMS Managers with the overall authority and responsibility for the implementation and management of the Information Security Management System to ensure the success of the ISMS and protect the business from risk.
- Qore is committed to continually improving the effectiveness of the Information Security Management System across all areas within scope.
- Enhance current processes to bring them in line with good practice as defined within ISO 27001
- Achieve ISO 27001 certification and maintain it on an on-going basis
- Increase the level of proactivity (and the stakeholder perception of proactivity) regarding the ongoing management of the ISMS.
- Achieve an enhanced understanding of and relationship with the business units to which the ISMS applies
- Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
- Obtain ideas for improvement via regular review meetings with stakeholders and document them in a Continual Improvement Log
- Review the Continual Improvement Log at regular management meetings in order to prioritize and assess timescales and benefits
Our ISO 27001 Information Security Management Systems (ISMS) Objectives
- Provide 85% assurance of information systems resilience.
- Protect 100% of client confidential information
- Protect 100% of critical information assets and critical business processes relative to Qore core business.
- Ensure 90% compliance with Qore, contractual, regulatory and legal requirements and reduce regulatory sanctions/penalties
- Improve security-awareness culture for 80% of employees.
Realization of the following Business Benefits
- Protection of revenue streams and company profitability
- Ensuring the continuous service delivery to customers
- Compliance with legal and regulatory requirements
- To reduce the impact and cost of disruption
- To ensure protection and safety of employees and company assets
- To provide assurance to our customers, partners, and other stakeholders
This policy represents our general intent towards information security management, which shall be made available to all our stakeholders, and furnished upon request by any interested party. This policy will be reviewed on a regular basis to keep it in line with our intentions and mode of operations.