The CSSC Information Security Policy (ISP) is concerned with protecting the system, equipment and processes of CSSC that support keeping information safe and protected, no matter how, or in what form, the information is held, processed or shared.
CSSC is located at Compton Court 20-24 Temple End, High Wycombe, Bucks, HP13 5DR and operates primarily in the business of the management and provision of sport and leisure opportunities to its members (from the Civil Service and Public sector) and in the support and training of its volunteers.
Through the implementation of the ISP which incorporates CSSC’s Information Security Management System (ISMS) and relevant policies including the Information Technology Security Policy (ITSP), CSSC makes sure that all persons having access to members’ information can be held accountable for their actions and is committed to protecting and preserving the information’s:
Since their design, development and agreement, the CSSC ISP and ITSP have:
The ISMS is intended as a mechanism for managing information security related risks and improving the organisation to help deliver its overall purpose and goals. The online platform environment and the approach taken to risk assessment and management, the Statement of Applicability and the wider requirements set out for meeting ISO 27001:2013 identify how information security and related risks are addressed and information protected.
For our ISMS:
Information and information security requirements will continue to be aligned with the organisation’s business goals and will take into account the internal and external issues affecting the organisation and the requirements of interested parties. An internal audit / review of procedures and policies is conducted annually. In addition, achievement of the quality objectives is measured against quarterly targets set in relation to the business plan.
All employees and relevant interested parties associated with the ISMS have to comply with this policy.
We are committed to achieving and maintaining certification of the ISMS to ISO 27001:2013 along with other relevant accreditations against which our organisation has sought certification.
The CEO is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the requirements set out in ISO 27001:2013.
A current version of this document is available to all members of staff and is displayed on our website.
This policy will be reviewed regularly to respond to any changes in the business, its risk assessment or risk treatment plan, and at least annually.