Ethical Angel have chosen to implement an Information Security Management System which uses ISO 27001 as a framework for protecting the information we hold. The framework has been designed to maintain confidentiality, integrity and availability of information assets and provide effective risk management. 

By implementing the Information Security Management System in accordance with ISO 27001, Ethical Angel will seek to ensure that:

• Information will be protected and controlled against unauthorised access or misuse.

• Confidentiality, integrity and availability of information and information assets will be assured.

• Risks posed to the organisation will be understood and controlled.

• Regulatory, contractual, and legal requirements will be complied with.

• Physical, logical, environmental and communications security will be maintained.

• Operational procedures and responsibilities will be maintained.

• All information security incidents (breaches, threats, weaknesses, or malfunctions) will be reported and investigated through appropriate management channels.

The ISMS is made up of the following key preventative components:

• Top management support, commitment, and review.

• Regular information security risk management.

• Clear policies and procedures to be followed by all persons handling our data.

• Clear technical policies and procedures to ensure IT controls are defined.

• Awareness and update training.

• Internal audit, checking and monitoring activities.

The organisation is committed to continually seeking to improve the effectiveness of the ISMS. The Chief Executive Officer has approved and supports compliance with the requirements of this policy. It is the responsibility of each employee to read, understand and adhere to this Policy.

Tony Pauley, CEO Ethical Angel

Last updated: 1st March 2021