DevOn is an international company based in Netherlands, Germany, India and USA. The goal of DevOn is to bring software development to a higher level. The basis of DevOn are the Agile principles. Our teams Scrum to make our own organisation and our clients more effective and faster.
The objective of managing information security is to ensure business continuity and minimize business damage by preventing and minimising the impact of security incidents. In deploying the DevOn Information Security Management System (ISMS), DevOn aims to maintain existing known risks at their current low level and ensure that new and changing risks are managed in an equally consistent and professional manner.
The purpose of the Policy is to protect both DevOn and its Clients assets from all threats, whether internal or external deliberate or accidental. Protection of information is set out in terms of:
Confidentiality: ensuring only persons who are authorised have access to information.
Integrity: ensuring the purity, accuracy and completeness of information.
Availability: ensuring information, associated assets, and systems can be accessed when required by authorised persons.
Regulatory: regarding regulations, laws and codes of practice in each country where it operates as a minimum standard in its Information security management standard.
Reliability: ensuring that each person can rely on the correctness of the information.
IN PARTICULAR DEVON WILL:
Ensure that DevOn management and employees comply with the requirements of the security policy.
Minimize the risk of damage to company assets, information, reputation, hardware, software or data.
Ensure that DevOn employees and computer systems don’t infringe any copyright or licensing laws.
Set out clearly the company’s policies relating to all aspects of the management of information, hardware, firmware and software.
Define a systematic approach to risk assessment by identifying a method that is suited to the ISMS, the identified business information security, legal and regulatory requirements.
Setting policy and objectives for the ISMS to reduce risks to acceptable levels. Determining criteria for accepting the risks and identify the acceptable levels of risks.
All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff. It is the responsibility of each member of staff to adhere to the Security Policy. Failure to do so may result in disciplinary action.
The Compliance Officer is responsible for maintaining the Security Policy and providing advice and guidance on it’s implementation.