Information Security Management
Who isn't worried about the security of their data these days?
ISO/IEC 27001:2005 is the international standard for information security management, setting organisational best practice for the security of business sensitive information in physical or digital form.
CMC was accredited with ISO 27001 in 2009, following a stringent external audit of our working practices, contracts, supplier management and IT systems. Our implementation is reviewed and monitored by CMC's internal Business Systems Assurance Manager who recommends system improvements to the CMC Information Security Management Team. This team consists of data control managers from across the company who:
- Risk assess company information assets
- Review legislative and contractual compliance
- Set policy and implement controlling procedures to mitigate against identified risk
- Review incidents, business continuity plans and agree continuous improvement actions.
A specialist auditor provides external verification of CMC's compliance to the requirements of the standard on an annual basis. This provides us with the assurance that we have implemented good practice and that we have taken every step possible to ensure your information is safe with us.