MSPRING - Information Security Policy
Mspring team (Based on the staffing industry) is committed towards securing information by ensuring confidentiality, integrity and availability (CIA Triad) to achieve the organization's goals, creating confidence in both internal and external customers (Vendors, clients and staffs / inhouse and on-board staff), and maintaining business continuity. This is reflected in all its processes by
- Safeguarding confidential information related to its employees, clients, services and business associates (Vendors, clients and staffs / inhouse and on-board staff).
- Implementing safety & security measures for personnel and physical environment.
- Abiding with applicable federal, statutory and regulatory requirements in operating zones.
- Ensuring organization-wide awareness and education of information security requirements
Information Security Objectives
- To Protect the Confidentiality, Integrity and Availability of business and customer information (Vendors, clients and staffs / inhouse and on-board staff).
- To protect the organisation's information assets from theft, abuse, misuse and any form of damage.
- To establish responsibility and accountability for information security in the organization.
- To ensure that the organisation is able to continue its commercial activities in the event of significant information security incidents
ISMS Objectives
- To protect the integrity, availability and confidentiality of business and customer information (Vendors, clients and staffs / inhouse and on-board staff).
- To protect the organisation’s information assets from theft, abuse, miscue and any form of damage.
- To establish responsibility and accountability for information security in the organisation.
- To ensure that the organisation is able to continue its commercial activities in the event of significant information security incidents.
ISMS Measurement
- The number of security incidents relating to the loss of data or breaches of confidentiality.
- The number of security incidents relating to the loss / theft of equipment.
- Instances of non-compliance with policies and procedures.
- Staff awareness activities.
- Internal audit ensuring staff awareness and compliance.
- Number of incidents relating to service availability.
- Success of business continuity testing.