Security Statement - Groove Technology

Information Security Statement

Groove Technology has agreed to adopt an Information Security Management System (ISMS) that complies with the ISO 27001:2013 Standard. It is the intention of the Groove’s Board of Directors to maintain compliance/certification with the ISO 27001 Information Security Standard for the following reasons:

Groove Technology has an obligation to its customers, employees, suppliers and service providers to protect the confidentiality, integrity and availability of information assets

• To ensure business continuity and minimise disruption to business functions by preventing and minimising the impact of security incidents
• To facilitate business improvement through the adoption of secure business practice and business management.
• To ensure that all information controls are implemented to a repeatable and consistently high standard at the right time and at the right cost to the benefit of our customers and stakeholders

Policy

This Information Security Policy demonstrates the direction and commitment of Groove Technology to information security in order to protect its own information assets and those provided to the Groove by partner organisations/third parties.

We will develop and maintain an effective documented ISMS based on the requirements of ISO IEC 27001:2013, to ensure that we have a documented method of control that protects the Groove, its customers and stakeholders.

It is our policy to ensure that:

• Information will be protected against unauthorised access
• Confidentiality of information will be assured
• Integrity of information will be maintained
• Regulatory and legislative requirements will be met
• Business Continuity plans will be produced, maintained and tested
• Information security training will be available to all employees
• All breaches of information security, actual or suspected, will be reported to and investigated by the Information Security Officer

Policies applies to:

• All Groove Technology owned information and information provided to the Groove Technology by customers and stakeholders
• All information in any form – paper, electronic, audio, CD, tape film
• All systems, applications and infrastructure used to process information
• All Groove Technology employees
• Third parties with access to Groove Technology information assets
• All buildings used by the Groove Technology that house information assets or from where employees access information assets

Objectives

The objectives of information security are to:

• Reduce information security risks to an acceptable level
• Ensure that all information collected, held and used by the Groove Technology is appropriately protected and available in line with business requirements
• Ensure that information shared with third parties is protected against unauthorised disclosure and is managed in accordance with this policy
• Ensure that all Groove Technology employees are aware of and comply with applicable legislative and regulatory requirements
• Maintain employees awareness of information security, thereby ensuring that all employees acknowledge its importance to the Groove Technology and their own individual responsibilities for security
• Ensure that all breaches of information security, actual or suspected, are reported to and investigated by the Information Security Officer, who has direct responsibility for maintaining this policy and providing advice and guidance on its implementation
• Provide documentary evidence in the form of records to show that the processes are being followed correctly and completely
• Continually improve our ISMS based on customer and employee feedback, incidents, key performance indicator results, audit findings and technologies
• Enable the rapid dissemination of improvements to all relevant areas