General Data Protection Regulation
Information Security Policy
The Board of Directors and management of Webb Teasdale, located at Webb Teasdale’s Address, are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organization.
The Risk Assessment, Statement of Applicability and Risk Treatment Plan identify how information-related risks are controlled. In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are contained in and are supported by specific documented policies and procedures.
All Employees/Staff of Webb Teasdale are expected to comply with this policy. The consequences of breaching the information security policy are set out in the disciplinary policy and in contracts and agreements with third parties.
Webb Teasdale is committed to achieving certification of its ISMS to ISO27001:2013 and compliance with the GDPR.
This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan and at least annually.
In this policy, ‘information security’ is defined as:
Preserving
This means that management, all full-time or part-time Employees/Staff, sub-contractors, project consultants and any external parties have, and will be made aware of, their responsibilities to preserve information security and to report security breaches. All Employees/Staff will receive information security awareness training.
the availability,
This means that information and associated assets should be accessible to authorised users when required and therefore physically secure. The computer network must be resilient and Webb Teasdale must be able to respond rapidly to incidents (such as viruses and other malware) that threaten the continued availability of assets, systems and information. There must be appropriate business continuity plans.
confidentiality
This involves ensuring that information is only accessible to those authorised to access it, and therefore preventing both deliberate and accidental unauthorised access to Webb Teasdale’s information and its systems.
and integrity
This involves safeguarding the accuracy and completeness of information and processing methods, and therefore requires preventing deliberate or accidental, partial or complete, destruction or unauthorised modification, of either physical assets or electronic data. There must be appropriate contingency and data backup plans and security incident reporting. Webb Teasdale must comply with all relevant data-related legislation in those jurisdictions within which it operates.
of the physical (assets)
The physical assets of Webb Teasdale including, but not limited to, computer hardware, data cabling, telephone systems, filing systems and physical data files.
and information assets
The information assets include information printed or written on paper, transmitted by post or shown in films, or spoken in conversation, as well as information stored electronically on servers, website(s), extranet(s), intranet(s), PCs, laptops, mobile phones and PDAs, as well as on CD ROMs, floppy disks, USB sticks, backup tapes and any other digital or magnetic media, and information transmitted electronically by any means. In this context, ‘data’ also includes the sets of instructions that tell the system(s) how to manipulate information (i.e. the software: operating systems, applications, utilities, etc.).
A SECURITY BREACH is any incident or activity that causes, or may cause, a breakdown in the availability, confidentiality or integrity of the physical or electronic information assets of Webb Teasdale.