Information Security Policy
Information Security Policy
IVQAA provide a portfolio of internationally recognised professional qualifications and assessments, services which rely on information assets. We are committed to using this information in line with ethical, responsible, and professional working practices, along with statutory, regulatory, and contractual requirements.
This is of critical importance in the market in which we operate and fundamental to the success of our business, so we must ensure we adhere to these principles when handling the information of our students, members, clients, employees, and suppliers.
We are expected to pay particular regard to the following when dealing with information and data:
- Confidentiality – ensuring information is not made available to unauthorised entities
- Integrity – protecting the accuracy and completeness of information
- Availability – ensuring information is accessible and usable when an authorised entity
Requires access
Senior management is committed to the continuous improvement of the information security management system and will review processes and activities to enable this. Information security objectives are reviewed twice annually during a management review, with new information security objectives being set to align with strategic objectives as required.
Awareness training is provided to all employees and each update to this, and other information security policies are communicated internally. The aim of these policies is to ensure that all staff understand the importance of information security management as it relates to the information they gather, process and store.