Information that’s collected, analysed, stored, communicated and reported upon may be subject to theft, misuse, loss and corruption. Information may be put at risk by poor education and training, and the breach of security controls.
Information security incidents can give rise to embarrassment, financial loss, non-compliance with standards and legislation, as well as possible judgements being made against Oho Experience Company Limited (“Oho Experience”).
This high level Information Security Policy sits alongside the ‘Information Risk Management Policy’ and ‘Data Protection Policy’. This is to provide the high-level outline of, and justification for, Oho Experience’s risk-based information security controls.
Oho Experience’s security objectives are that:
The Information Security Policy and its supporting controls, processes and procedures apply to all information used at Oho Experience, in all formats. This includes information processed by other organisations in their dealings with Oho Experience.
The Information Security Policy and its supporting controls, processes and procedures apply to all individuals who have access to Oho Experience information and technologies. This includes external parties that provide information processing services to Oho Experience.
Compliance with the controls in this policy will be monitored by the Development and Infrastructure Team, and reported to the Executive Board.
A review of this policy will be undertaken by the Data Protection Officer (DPO). This will be annually or as required, and will be approved by the CTO.