ISO 27001 - Information Security Management

Last updated: 23rd January 2018 (issue 1) | If you have any questions regarding anything found within this policy, please contact us.

Information Security Management

ISO 27001 is the most widely recognised international standard for information security and shows that Trade Copiers has robust data security procedures in place.

The standard specifies the requirements for implementing, maintaining and continually improving an Information Security Management System within the context of the organisation. Trade Copiers’ security management system includes policies around access control, risk management, physical security, business continuity, and training & awareness, all underpinned by a comprehensive set of technical procedures and controls that are reviewed on a regular basis.


The ISMS Manager of Trade Copiers Limited has an objective of ensuring business continuity and therefore minimising the risk of damage by preventing security incidents and reducing their potential impact. The goal of this policy is to protect the organisation’s information assets against all internal, external, deliberate or accidental threats.

The ISMS Manager will ensure that:

  1. Information will be protected against any unauthorised access
  2. Confidentiality of information will always be assured
  3. Integrity of information will be maintained
  4. Availability of information for business processes will be maintained
  5. Legislative and regulatory requirements will be met
  6. Business continuity plans will be developed, maintained and tested
  7. Training on information security will be available for all employees
  8. All actual or suspected information security breaches will be reported to the ISMS Manager and will be thoroughly investigated

Procedures are available to support the policy, including virus control measures, passwords and continuity plans.

Business requirements for the availability of information and systems will be met.

The ISMS Manager is responsible for maintaining the policy and providing support and advice during its implementation and once it is in place.

All managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.

Compliance with this information security policy is mandatory.

This policy will be communicated to all staff employed by the organisation and will be subject to an annual review.