Duo Creative Services Ltd's objective of managing information security is to ensure that its core and supporting business operations continue to operate with minimal disruptions. Duo Creative Services Ltd shall ensure that all information that are disbursed or produced by Duo Creative Services Ltd have absolute integrity. Duo Creative Services Ltd shall guarantee that all relevant information are managed and stored with appropriate confidentiality procedures.
POLICYThe purpose of the Policy is to protect the organisation’s information assets (1) from all threats, whether internal or external, deliberate or accidental.The Managing Director has approved the Information Security Policy.It is the Policy of the organisation to ensure that:
- Information should be made available with minimal disruption to staff and the public as required by the business process (2)
- The integrity of this information will be maintained (3)
- Confidentiality of information not limited to research, third parties, personal and electronic communications data will be assured (4)
- Regulatory and legislative requirements will be met (5)
- A Business Continuity Management Framework shall be made available on request and Business Continuity plans will be produced to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters. Business continuity plans are be maintained and tested (6)
- Information security education, awareness and training will be made available to staff (7)
- All breaches of information security, actual or suspected, will be reported to, and investigated by the relevant authorities not limited to System Administration and Incident Response (8)
- Appropriate access control will be maintained and information is protected against unauthorised access.
- Policies, Procedures and Guidelines not limited to Information Security will be made available in both hardcopy and online on request.
- Internal Audit Unit has direct responsibility for maintaining the ISMS Policy and involved with writing and/or managing the development of relevant policies, procedures and guidelines not limited to information security.
- All managing directors are directly responsible for implementing the ISMS Policy within the company, and for adherence by their staff.
- It is the responsibility of each member of staff to adhere to the ISMS Policy.
- Information security is managed through Duo Creative Services Ltd’s Risk Management framework.
- The availability of information and information systems will be met as required by the core and supporting business operations.
- Information takes many forms and includes data stored on computers, transmitted across networks, printed out or written on paper, sent by fax, stored on tapes and diskettes, or spoken in conversation and over the telephone.
- This will ensure that information and vital services are available to users when and where they need them.
- Safeguarding the accuracy and completeness of information by protecting against unauthorised modification.
- The protection of valuable or sensitive information from unauthorised disclosure or unavoidable interruptions.
- This will ensure that the organisation remains compliant to relevant business, national and international laws and it include meeting the requirements stated in legislations such as the Malaysian Copyright Act 1987, Companies Act and the Data Protection Act.
- Business Continuity Management should be implemented effectively to ensure continuity of business operations in the event of a crisis or disaster.
- Ensure that relevant and effective trainings are provided to staffs.
- Ensure that the staff understand their roles and responsibilities in handling incidents and have a comprehensive and well-tested incident response plan ready.
The policy will be reviewed by Duo Creative Services Ltd after a one-year duration for update.
Click here to download a copy of the ISMS Policy >