Cyber Security Policy and Procedure
Purpose
The purpose of this policy and procedure is to establish the Mary rubber moulding cyber security risk management framework to prevent, reduce and manage compromised information security.
Scope
This policy and procedure applies to all staff, Managers and MD (partners, contractors, consultants, etc.) and visitors regardless of location or device ownership and includes any person or entity with authorized use of the mary rubber moulding IT systems, internet and/or email.
Definitions
Control – Is a measure put in place to manage, minimize or eliminate risk.
Cyber security – The methods (policies, strategies, behaviours, and techniques) through which necessary and commensurate measures can be identified, implemented, and maintained to effect information security.
IT and Infrastructure – Is responsible for IT systems at the mary rubber moulding. Noting that in addition to hosting IT systems at the mary rubber moulding some facilities may be hosted externally.
IT systems – All services including data, voice, video, delivered through electronic means. Such technologies encompass systems, software, hardware, communications,
and network facilities.
Policy
The Mary rubber moulding is committed to delivering information security by preventing unauthorized access to, and modification or impairment of, its digital IT systems and the information stored within them; through a combination of preventative measures, cyber security incident management, and the participation of all authorized users in ensuring that security measures are not undermined.
Procedure
5.1 – The mary rubber moulding Cyber Security Strategy and preventative measures will mitigate risk and help protect critical information against cyber threats through compliance with this policy and procedure, and its local operating procedures, standards, guidelines, and systems. This includes technical cyber security controls and a cyber security awareness program to reduce vulnerability of staff and students to cyber security threats by fostering a culture that encourages cyber security.
5.2 – Risk management will centre around cyber security controls that seek to reduce the likelihood or impact of an incident, or both. Cyber security risk management will be measured by:
- Maintaining a register of key information assets.
- Incorporating cyber security risk identification and assessment into processes impacting the use and processing of information.
- Maintaining a register of cyber security risks with related controls.
- Reviewing risks at regular intervals and due to significant security incidents, threats, or changes to business requirements.
- Implementing and strengthening controls to reduce risk.
- Evaluating the effectiveness of controls.
The Manager IT and Information will manage cyber security incidents by applying quick, effective, and orderly responses that aim to comply with applicable legal requirements (see Notifiable Data Breaches Policy and Procedure), minimise harm to impacted individuals, and minimise damage and risk. Management of incidents includes communication and collection and analysis of evidence from the incident. All incidents must be reported to the Executive Management Committee and to the Audit and Risk Management Committee.
Responsibilities
Manager IT and MD are responsible for reporting potential cyber security incidents to IT and Infrastructure support, including those of an accidental nature such as a lost laptop or device.
Implementation and Communication
The policy will be implemented and communicated throughout the company via:
- The mary rubber moulding webpage – www.maryrubber.in
- Internal circulation to staff
- Displayed in notice board.