Document Title: Security Policy
Reference: P-06
Version: 01
Date of Issue: 20/10/2025
Date to be Reviewed: 20/10/2026
Authorised by: M.Empson
Policy Statement
C-Tech Solutions Ltd Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment, and people supporting these business functions. This document states the Information Security objectives and summarises the main points of the Information Security Policy.
Objective
The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. Information assets must be protected in order to ensure:
1. Confidentiality i.e., protection against unauthorised disclosure
2. Integrity i.e., protection against unauthorised or accidental modification
3. Availability as and when required in pursuance of the Organisation’s business objectives.
Responsibilities
• The Directors have approved the Information Security Policy.
• Overall responsibility for Information Security rests with the Compliance Manager.
• Day-to-day responsibility for procedural matters, legal compliance including data protection, maintenance and updating of documentation, promotion of security awareness, liaison with external organisation’s, incident investigation, management reporting etc. rests with the Compliance Manager.
• Day-to-day responsibility for technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external organisation’s, rests with the Director, Operation Manager and the Compliance Manager.
• All employees or agents acting on the Organisation’s behalf have a duty to safeguard assets, including locations, hardware, software, systems, or information, in their care and to report any suspected breach in security without delay, direct to the Compliance Manager.
• Employees attending sites that are not occupied by the Organisation must ensure the security of the Organisation’s data and access their systems by taking particular care of laptops and similar computers and of any information on paper or other media.
• The Compliance Manager is responsible for drafting, maintaining, and implementing this Security Policy and similarly related documents.
• As with other considerations including Quality and Health & Safety, Information Security aspects are considered in all daily activities, processes, plans, projects, contracts, and partnerships entered into by the Organisation.
• C-Tech Solutions Ltd employees are advised and trained on general and specific aspects of Information Security, according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality regarding the Organisation’s business.
P-06 – Security Policy (V01) Page2 Date: October 2025
• Adherence to Information Security procedures as set out in the Organisation’s various policies and guideline documents is the contractual duty of all employees and a clause to this effect is set out in the Organisation’s contracts of employment.
• Breach of the Information Security policies and procedures by the Organisation’s employees may result in disciplinary action, including dismissal.
• In view of the Organisation’s position as a trusted provider of specialist ICT integration services particular care is taken in all procedures and by all employees to safeguard the Information Security of its service users and/or clients.
• Agreements of Mutual Non-disclosure/Confidentiality are entered into as appropriate with third party Companies.
• Adherence of the company clear desk and screen policy.
Accreditations & Certifications
