Kempston Controls Information Security Policy

The purpose of the Information Security Policy ("Policy"), which forms the basis for securing and protecting the information assets and environment they operate in for Kempston Controls Ltd, is to outline the overall management framework and guiding principles for information security. The scope of the policy is to cover all of the company operations.

The primary goals of this information security policy for Kempston Controls Ltd are as follows:

  • To identify through appropriate risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk.
  • To manage the risks to an acceptable level though the design, implementation and maintenance of a formal Information Security Management System.
  • To not completely eliminate information security risks but to minimize them in the most cost-effective manner, offsetting the cost of controls against the anticipated reduction in losses due to security breaches.

The implementation of this policy is important to maintain and demonstrate our integrity in our dealing with customers and suppliers. It is the policy of Kempston Controls Ltd to ensure:

  • Confidentiality of information is maintained
  • Integrity of information through protection from unauthorised modification
  • Availability of information to authorized users when needed
  • Information is protected against unauthorised access
  • Information is not disclosed to unauthorized persons through deliberate or careless action
  • Regulatory and legislative requirements will be met
  • Business continuity plans are produced, maintained and tested as far as practically possible
  • Information security training is given to all Employees where relevant
  • All breaches of information security and suspected weaknesses are reported and investigated
  • Calls to the contact centre may be monitored or recorded

Information security practice in Kempston Controls Ltd is guided by the following fundamental principles:

  • Information security controls are necessary to protect Kempston Controls Ltd information against unacceptable risks to their:
    • Confidentiality (e.g. preventing unauthorized disclosure of sensitive corporate or personal information),
    • Integrity (e.g. ensuring that human errors and programming bugs do not reduce the completeness or accuracy of our data); and
    • Availability (e.g. minimizing unplanned system downtime and consequent interruption of critical business processes).
  • We invest wisely in proven information security controls where justified on the basisof lifecycle cost/benefit assessment and risk analysis.
  • Information security is a core element of corporate governance. It is closely relatedto aspects such as IT management, risk management, legal and regulatorycompliance and business continuity. It supports various obligations to ouremployees, business partners and the community at large.
  • Information security is a business enabler that allows us to enter more confidentlyinto and maintain business relationships, markets and situations that wouldotherwise be too risky. By minimizing net losses resulting from information securitybreaches, it supports our financial bottom line. It also enhances our corporate imageas a trustworthy, open, honest and ethical organization.

The Kempston Controls Ltd Director will measure and review the effectiveness of our information security efforts on an annual basis.