Information Security Policy

Information is an important business asset of significant value to ZTR Control Systems and needs to be protected from threats that could potentially disrupt business continuity. This policy has been written to provide a mechanism to establish procedures to protect against security threats and minimize the impact of security incidents.

The purpose of this policy is to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental.

The Policy Scope covers physical security and encompasses all forms of Information Security such as data stored on servers, computers, transmitted across networks, printed or written on paper, stored on external media or spoken in conversation or over the telephone.

All managers are directly responsible for implementing the policy within their business areas, and for adherence by their staff.

It is the responsibility of each employee to adhere to the policy. Disciplinary processes will be applicable in those instances where staff fail to abide by this security policy.

 

IT IS THE POLICY OF THE COMPANY TO ENSURE THAT:

Information will be protected against unauthorised access.

Confidentiality of information is assured.

Integrity of information is maintained.

Availability of information will be made available to authorized individuals when required.

Authentication of all persons and systems seeking access to information or to our networked computer resources must first be satisfactorily identified.

Access to view or modify information, computer programs, or the systems on which the information resides, must be restricted to only those whose job functions absolutely require it.

Auditing will be recorded and maintained in compliance with all security, retention, relevant legislation and regulatory requirements.

Compliance with all relevant legislation and regulatory requirements regarding the management and security of information within the required jurisdictions.

Regularity and legislative requirements regarding Intellectual property rights, data protection and privacy of personal information are met.

Business Continuity plans will be produced, maintained and tested.

Staff receive sufficient information security training.

All breaches of information security, actual or suspected are reported and investigated by the Chief Privacy Officer.

This policy will be reviewed annually.

The Chief Privacy Officer has approved the information security policy

 

Name:   Ewen Galbraith

Title:      Chief Privacy Officer

Email:    privacy [at] ztr [dot] com

Phone: 519-452-1233 ext. 538 (Office) 519-859-4436 (Mobile)

Date:     July 25th 2019