Keep up to date
Forensic Analytics solutions, services and training are always evolving in response to ever-changing customer needs. CSAS V3 is here. To find out more subscribe to our latest updates.
This document sets out the Information Security Policy for Forensic Analytics Ltd.
ISMS – Information Security Management System
ISF – Information Security Forum
The Chief Executive is responsible for the authorisation of the Information security policy for and on behalf of Forensic Analytics.
The Executive Sponsor, the Service Operations Director, is responsible for the further development and maintenance of the Information Security Management System.
The Forensic Analytics Leadership team hereby commits its support to a formalised Information Security Management System (ISMS) relevant to the safeguarding of information collected, generated, or otherwise entrusted to the organisation. To support this commitment, Forensic Analytics has appointed an Executive Sponsor to be responsible for the further development and maintenance of the ISMS.
Operationally, the Executive Sponsor has formed an Information Security Forum (ISF) comprising of the Operations Manager, Development Manager, Human Resources Manager and representatives from the Quality and Compliance team, and other interested parties as required, who are charged with the responsibility for developing a robust and effective Information Security strategy and maintaining the ISMS.
To further support the organisation’s ISMS and Information Security strategy, Forensic Analytics has committed additional investment for cybersecurity tools/ monitoring, ICT infrastructure, and other resources including training for staff. Forensic Analytics is committed to comply with the requirements of the ISO 27001 framework and other applicable requirements including the Forensic Science Regulator’s statutory code of practice.
Forensic Analytics, like any other organisation, is exposed to potential threats which could damage its ability to provide the “confidentiality”, “integrity” and “availability” of assets and information. To address these threats Forensic Analytics will ensure there are management processes and controls in place to:
To deliver these processes and controls Forensic Analytics maintains a comprehensive Information Security Management System (ISMS) and will ensure provision of:
Forensic Analytics is committed to the continual improvement of the ISMS and the maturing of its information security posture through risk management; data impact assessments; incident response; internal audit and system penetration testing; technical controls; information security policy; behavioural controls; information security awareness training; contractual agreements; performance evaluation; other methods deemed necessary, the results of which are subject to periodic management review.
The Information Security Policy is communicated and applied at all levels within the organisation. It is made available upon request to investors, customers, external providers, and any other interested parties.
Forensic Analytics demonstrates the effectiveness of the QMS by conformance with certification to the international standard ISO 27001:2017.
The information Security Policy is authorised by Steve Rick, Chief Executive of Forensic Analytics. This policy is subject to regular review to ensure that it remains fit for purpose.
Qualio POL-2 V2.0
Name: Steve Rick
Role: Chief Executive