We reviewed our banks against and have closed our account with HSBC. We are exploring the prospect of using company funds to subsidise “green” home improvements for our UK employees (replacing gas boilers with heat pumps, solar panel installation, insulation improvements etc.). AWS' approach differs from most other green hosting companies in that it is not only based on offsetting, carbon credits, and tree planting, but also significant investment in renewable energy schemes internationally. We review the data centres we use against the Green Web Foundation's hosting directory () to look for opportunities to minimise our environmental impact. We choose to base many of our services on AWS due to their commitment to be net zero by 2040. The implementation of information security in development is defined in our Secure Development Policy The use of cryptographic controls is defined in our Acceptable Encryption Policy. The parameters for secret authentication information are set out in the Acceptable Use Policy and apply to all users (employees and third parties). We have an Access Control Policy that determines the access to information and systems based upon business requirements. Aspects of these process are highlighted to all employees as part of general awareness training, while management have a specific awareness module on management responsibilities. More extensive information relating to management responsibilities for the ISMS are given in the Management Team Terms of Reference and QMS/ISMS Management operations process. The members of the management team are identified through the People Chart and Roles and responsibilities documents. Links to key policies for third parties are incorporated into contracts. Key policies are highlighted to employees as part of onboarding and ongoing training.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |