Information Security Policy

IS-01
Version 1

Wi5 Technologies Ltd are committed to the development and continual improvement of Information
Security and Data Protection and its supporting information security management system, in order to
provide;

● Assurance with legal, regulatory and contractual obligations
● Reputation management
● Protection of critical assets
● Protection of Personal Data as defined by the Data Protection Act 2018 and the GDPR.

Within Wi5 Technologies Ltd, the terms ‘Information Security’ and ‘Data Protection’ are intended to
describe the same thing, which is the pro-active protection of information/data in all its forms which is
under the control of Wi5 Technologies Ltd. This document can be referenced as either ‘The Data
Privacy Policy’ or the ‘Information Security Policy’
Information is seen as a critical asset of Wi5 Technologies Ltd and therefore Wi5 Technologies Ltd
have developed a set of policies for information security which are approved by management,
published and communicated to employees and relevant external parties. These take into account;

● Business strategy;
● Regulatory, legislation and contractual needs; and
● Current and projected information security threats.

Information Security is defined as the “preservation of confidentiality, integrity and availability of
information” . In addition, other properties such as authenticity, accountability, non-repudiation and
reliability can also be involved as deemed appropriate to the situation and circumstances.
The core objective of Information Security is to ensure the continuity of service of Wi5 Technologies
Ltd and minimise the risk of damage by preventing security incidents and managing security threats
and vulnerabilities.

Information Security policies are in place to protect Wi5 Technologies Ltd’s informational assets
against internal, external, deliberate or accidental threats and vulnerabilities.

Information Security Objectives

In line with this policy and all supporting information security policies Wi5 Technologies Ltd shall
ensure that:

● Reduce the risk of deliberate or accidental losses from internal threats
● Improve defences against external threats
● Manage the costs associated with Information Security
● Continually improve the ISMS and Data Protection Practices

Compliance

Everyone working for Wi5 Technologies Ltd has a duty of care for safeguarding the confidentiality,
integrity and availability of written, spoken and digital information and are required to comply with this
and related Information Security Policies.

All aspects of the security program will be routinely audited to ensure compliance on an annual basis.
The objective of this policy is to provide clear direction and support for an information security
framework within Wi5 Technologies Ltd. This is the primary policy to which all other supporting policy
and standards documents are subordinate. This policy will facilitate measurement against and
compliance with, ISO27001:2013.

Scope

The policy applies to all permanent, temporary, and contract staff within Wi5 Technologies Ltd, and
the scope of the ISMS within Wi5 Technologies Ltd is outlined within the ‘Context and Management
System’ document.

Where outsourced services are provided to Wi5 Technologies Ltd, then reliance is placed upon
contractual and legal obligations for the management of information. As a minimum, the service
provider is expected to adhere to the Data Protection Act 2018, and GDPR for personal data.
The application of the policy does not apply to clients of Wi5 Technologies Ltd, who are expected to
have their own Information Security Policy.

Document Management

This document will be made available throughout the business. It will be reviewed for update:

● When specific changes (e.g. organisational, legal, regulatory) have occurred which impact on
the policy
● Annually, within 30 days of the anniversary of this document’s initial issue
● In response to any concerns raised as to the policy’s effectiveness

Exceptions

Exceptions to the Information Security Policy require the written recorded agreement of a member of
the SSG.

This Policy
This document, and the policies within it are subject to ongoing review as part of the annual review
cycle and are signed off, annually by the CEO of Wi5 Technologies Ltd, who is ultimately accountable
for Information Security at Wi5 Technologies Ltd.