InformationSecuritypolicystatement
Keltbray Holdings Ltd and subsidiary companies* (referred to as Keltbray herein) are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information throughout the organisation. Failure in any of these areas can result in disruption to the services that Keltbray provide as well as loss of confidence in the organisation by existing and potential customers, employees and third party stakeholders. The security of our information and other assets is therefore regarded as fundamental to the successful operation of Keltbray. Keltbray are committed to compliance with the requirements of the Data Protection Act 2018 (DPA 2018) and the general principles of Data Protection Regulations (GDPR). Adherence to this policy will help to protect Keltbray, our customers, employees and third party stakeholders from information security threats, whether internal or external, deliberate or accidental. Information and information security requirements will continue to be aligned with Keltbray’s goals. The Keltbray Business Management System is intended to be a supporting tool for information sharing, for electronic operations, and for reducing information-related risks to acceptable levels.
Keltbray’s current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of the Business Management System. There are procedures and guidance for employees related to data protection, privacy requirements and use of information technology. There is an ongoing process of training employees on data protection to raise awareness of information security and Keltbray requirements.
In particular, business continuity and contingency plans, data back-up procedures, avoidance of viruses and hackers, access control to systems and data breach reporting are fundamental to this policy. Control objectives for each of these areas are contained in documented policies and procedures in the Business Management System.
Keltbray aims to achieve specific, defined information security objectives, which are developed in accordance with business objectives, the context of the organisation, the results of risk assessments and the risk treatment plan. These objectives include:
– Promote this policy and raise awareness of information security throughout Keltbray
– Provide appropriate information security training for our employees
– Provide a secure working environment for employees at Keltbray locations
A commitment to satisfy applicable requirements related to information security including regulations, legislation and contractual obligations
– Ensure that information it manages shall be secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability
All Keltbray employees are expected to comply with this policy and with the Business Management System that implements this policy. The consequences of breaching the information security policy are set out in the Keltbray disciplinary procedure and in contracts and agreements with third parties.
We are committed to good information security provision and to continuous systematic review and improvement of our information security processes.
Keltbray and its management team fully support this policy and are committed to provide competent personnel and financial resources to implement it. This policy statement shall be reviewed at least annually by all interested parties. All Keltbray policies are available on the Keltbray Business Management System. New employees are briefed on the use of the Business Management System and locations of the Keltbray policies and any reviews or key changes in the policies are advised to employees.
Refer to GRP-CAL-FRT-004 for the list of Keltbray companies this Policy covers.
Darren James Date: July 2023 Group CEO