1. Purpose
To define management direction for protecting information belonging to or under the custody of Softsource Limited.
To ensure that Softsource vBridge information and information technology assets (including paper documents), are protected from unauthorised access, use, disclosure, disruption, modification, and destruction whilst enabling use by Softsource vBridge personnel to support Softsource vBridge interests, customers, and services.
1.1 Scope
This policy applies to all Softsource vBridge-held information, information systems, employees/independent contractors and third parties who use, or have access to Softsource vBridge information, data, facilities, or systems. These people may work for Softsource vBridge or any other party.
1.2 Objectives
This policy has three goals.
1. Protect Softsource vBridge (including customer and employee) information, data, facilities, and systems from information security threats, whether internal or external, deliberate, or accidental.
2. Maintain proper levels of security ability and resources to improve our information security practices, security systems and controls.
3. Be business-enabling, meet customer information security requirements, enhance Softsource vBridge reputation, and ensure Softsource vBridge operations meet our contractual and regulatory obligations.
2. Policy Statements
These statements define the actions we will take to support good information security.
2.1 We will take a well-defined approach to Information Security
2.1.1 We will use the viewpoints of confidentiality, integrity, and availability (CIA) to guide our information security activities:
Confidentiality – ensure that only authorised persons or entities access information.
Integrity – ensure that information is not altered without authorisation.
Availability – ensure that information and services are accessible when required by authorised users.
2.1.2 We will run our security controls and operations per our regulatory and contractual obligations.
2.1.3 We will support an Information Security Management System (ISMS) that is certified and externally audited against ISO/IEC 27001.
2.2 We will stay committed to Information Security
2.2.1 We will resource the ongoing improvement our information security practices to support our information security goals.
2.2.2 We will cultivate good information security as a valued part of Softsource vBridge culture.
2.2.3 We will keep contact with relevant special interest groups, security forums and professional associations to help ensure we are informed and up to date with the most recent developments, threats, vulnerabilities, and security technologies across the industry.
2.3 We are all part of this policy’s compliance process
2.3.1 The Softsource vBridge executive leadership team, all employees, contractors and third parties who have access to Softsource vBridge information, data, facilities, and systems, must follow this policy and all supporting, approved security policies, standards and procedures made under it.
2.3.2 Softsource vBridge will follow its Disciplinary Policy and procedures in response to any failure to comply.
3. Regulatory Requirements
Softsource vBridge will follow all New Zealand legislation including:
-
- Contract and Commercial Law Act 2017
- Unsolicited Electronic Messages Act 2007 Harmful
- Digital Communications Act 2015
- New Zealand Privacy Act 2020
4. Ownership
The Softsource vBridge Information Security Manager keeps this document on behalf of the Executive Leadership Team. Should you have any queries or require clarification around any part of this document please email support@softsource.co.nz