Information Security Statement
Ink is committed to maintain and improve information security within the organisation and minimise its exposure to risks. It is therefore organisation policy to ensure that:
- The integrity of information shall be assured
- The confidentiality of customer’s information shall be assured
- The privacy, confidentiality, and integrity of customer’s PHI shall be protected
- Information shall be protected against unauthorised access
- Information shall be made available to authorised business processes, users, and customers when required.
- Regulatory, statutory, and legislative requirements shall be met
- Business continuity plans for mission-critical activities shall be produced, maintained, and tested
- Information security awareness shall be made available to all users
- Breach of information security, actual or suspected shall be reported and will be investigated by the Technical team under the supervision of executive management
- PHI shall be made available to patients, government officials, airlines or authorised third parties after prior consent from the patient.
Governance and Responsibilities
All users of Ink information technology resources are responsible for complying with this policy. Every user is accountable for:
- Ensuring that no breach of information security shall occur from their actions
- Reporting any breach or suspected breach of security to relevant parties
The Chief Information Security Officer is ultimately responsible for implementing the policy within the company, and for monitoring adherence by the users. This includes:
- Assigning responsibilities for information security management to the relevant staff
- Determining access rights for information assets and systems or delegating such determination accordingly.
- Ensuring that all users of information technology resources are aware of their accountability and they are aware that failure to comply with the Information Security Policy is a disciplinary offence.