Information Security Policy

1.1 Security goals

Darcy Products Ltd is committed to safeguard the confidentiality, integrity and availability of all physical and electronic information assets of the institution to ensure that regulatory, operational and contractual requirements are fulfilled. The overall goals for information security at Darcy Products Ltd are the following:

  • Ensure compliance with current laws, regulations and guidelines.
  • Comply with requirements for confidentiality, integrity and availability for Darcy Products Ltd's employees, students and other users.
  • Establish controls for protecting Darcy Products Ltd's information and information systems against theft, abuse and other forms of harm and loss.
  • Motivate administrators and employees to maintain the responsibility for, ownership of and knowledge about information security, in order to minimize the risk of security incidents.
  • Ensure that Darcy Products Ltd is capable of continuing their services even if major security incidents occur.
  • Ensure the protection of personal data (privacy).
  • Ensure the availability and reliability of the network infrastructure and the services supplied and operated by Darcy Products Ltd.
  • Ensure that external service providers comply with Darcy Products Ltd's information security needs and requirements.
  • Ensure flexibility and an acceptable level of security for accessing information systems from off site.

1.2 Security strategy

Darcy Products Ltd's current business strategy and framework for risk management are the guidelines for identifying, assessing, evaluating and controlling information related risks through establishing and maintaining the information security policy (this document). It has been decided that information security is to be ensured by the policy for information security and a set of underlying and supplemental documents. In order to secure operations at Darcy Products Ltd even after serious incidents, Darcy Products Ltd shall ensure the availability of continuity plans, backup procedures, defence against damaging code and malicious activities, system and information access control, incident management and reporting.

The term information security is related to the following basic concepts:

  • Confidentiality - The property that information is not made available or disclosed to unauthorised individuals, entities, or processes.
  • Integrity - The property of safeguarding the accuracy and completeness of assets.
  • Availability - The property of being accessible and usable upon demand by an authorized entity.

Some of the most critical aspects supporting Darcy Products Ltd's activities are availability and reliability for network, infrastructure and services. Darcy Products Ltd practices, openness and principles of public disclosure, but will in certain situations prioritize confidentiality over availability and integrity.

Every user of Darcy Products Ltd's information systems shall comply with this information security policy. Violation of this policy and of relevant security requirements will therefore constitute a breach of trust between the user and Darcy Products Ltd, and may have consequences for employment or contractual relationships.

DATE March 2019