❖UFG is an internal company based in the USA and Germany. The goal of UFG is to bring software development to a higher level. UFG is founded on the Agile principles. Our teams use Scrum to make our own organisation and our clients more effective and faster.
❖OBJECTIVES: The objective of managing information security is to ensure business continuity and minimize business damage by preventing security incidents and minimizing their impact. In deploying the UFG Information Security Management System (ISMS), UFG aims to maintain existing known risks at their current low level and ensure that new and changing risks are managed in an equally consistent and professional manner.
❖PURPOSE: The purpose of the Policy is to protect both UFG's and its Clients' assets from all threats, whether internal or external, deliberate or accidental. Protection of information is set out in terms of:
❖Confidentiality: ensuring only persons who are authorized have access to information.
❖Integrity: ensuring the purity, accuracy and completeness of information.
❖Availability: ensuring information, associated assets, and systems can be accessed when required by authorized persons.
❖Regulatory: treating the regulations, laws and codes of practice of each country where UFG operates as a minimum standard in its information security management standard.
❖Reliability: ensuring that each person can rely on the correctness of the information.
❖IN PARTICULAR UFG WILL:
❖Ensure that UFG management and employees comply with the requirements of the security policy.
❖Minimize the risk of damage to company assets, information, reputation, hardware, software or data.
❖Ensure that UFG employees and computer systems don’t infringe any copyright or licensing laws.
❖Set out clearly the company’s policies relating to all aspects of the management of information, hardware, firmware and software.
❖Define a systematic approach to risk assessment by identifying a method that is suited to the ISMS, the identified business information security, legal and regulatory requirements.
❖Set policy and objectives for the ISMS to reduce risks to acceptable levels. Determine criteria for accepting risks and identify the acceptable levels of risk.
❖All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff. It is the responsibility of each member of staff to adhere to the Security Policy. Failure to do so may result in disciplinary action.
❖The Compliance Officer is responsible for maintaining the Security Policy and providing advice and guidance on its implementation.
Sean Cavandi, Managing Partner