These directives and policy statements establish Upmind’s commitment to protecting its information assets, defines guiding principles for information security, and formalises roles and responsibilities to ensure the effective implementation and management of the Information Security Management System (ISMS). It provides a framework for mitigating risks, ensuring compliance, and fostering a security-aware culture. These have been benchmarked to the International Standard for Information Security using ISO 27001:2022, ISO 27002:2022 and other relevant standards, as well as industry best practice.
This policy applies to all Upmind employees, contractors, systems, and external parties accessing Upmind’s information assets, including computer networks, applications, and sensitive customer data.
All employees and subcontractors who have access to Upmind systems must agree to the ‣ and attest their compliance as part of the onboarding process.
See definitions of ‣
This policies apply to all information handling, whether on IT systems or on paper. However, it is recognised that some of the controls may be aspirational to a degree and full implementation will be achieved in due course.
A number of additional policies and documents are relevant for ISMS and should be read in conjunction with this Information Security Policy. Upmind stores all policies in Notion in a structured format to gain automated benefits of backups, change control and device compatibly. Documents are classified and interlinked where sensible. They include: