Information Access Policy
This policy only applies to KS Staff and third parties who access KS Systems.
Scope
The Information Security Policy and its supporting controls, processes and procedures apply to all information used at KS, in all formats. This includes information processed by other organisations in their dealings with KS.
The Information Security Policy and its supporting controls, processes and procedures apply to all individuals who have access to KS information and technologies, including third parties that provide information processing services to KS.
Compliance
Compliance with the controls in this policy will be monitored by the InfoSec team.
Review
A review of this policy will be undertaken by the InfoSec team.
Policy Statement
It is KS’s policy to ensure that information is protected from loss of:
1 – Information Security Policies
A set of lower-level controls, processes and procedures for information security will be defined, in support of the high-level Information Security Policy and its stated objectives. This will include identification and allocation of security responsibilities, to initiate and control the implementation and operation of information security within KS.
2 – Access Controls
Access to all information will be controlled and will be driven by business requirements. Access will be granted or arrangements made for users according to their role and the classification of information, only to a level that will allow them to carry out their duties.
3 – Cryptography
KS will provide guidance and tools to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and integrity of information and systems.
4 – Operations Security
KS will ensure the correct and secure operation of information processing systems. This will include:
5 – Communications Security
KS will maintain network security controls to ensure the protection of information within its networks, and provide the tools and guidance to ensure the secure transfer of information both within its networks and with external entities, in line with the classification and handling requirements associated with that information.
6 – Information Security Aspects of Business Continuity Management
KS will have in place arrangements to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely recovery in line with documented business needs.
This will include appropriate backup and built-in resilience.
Business impact analysis will be undertaken of the consequences of disasters, security failures, loss of service and lack of service availability.