INFORMATION SECURITY POLICY
The CFS management team is committed to preserving the confidentiality, integrity, and availability of all the physical and electronic information/data assets throughout the organization in order to preserve its competitive edge, cash flow, profitability, legal, regulatory, and contractual compliance, and commercial image.
Information and information security requirements will continue to be aligned with CFS’ operations and strategic goals. CFS has chosen to conform to the ISO 27001 standard for an Information Security Management System (ISMS). CFS’ current strategic business plan and intended risk management framework provide the context for identifying, assessing, evaluating, and controlling information-related risks through the establishment and maintenance of an enhanced ISMS.
Fundamental to this policy are:
• Safeguarding the information and personal information of employees, clients, and clients’ customers
• Information security generally
• Data governance and classification
• Asset inventories and device management
• Access controls and identity management
• Business continuity and contingency plans, and disaster recovery planning and resources
• Systems operations and availability (when/where applicable)
• Systems security (when/where applicable)
• Systems monitoring (when/where applicable)
• Physical security and environmental controls
• Vendor and third-party service provider management (when/where applicable)
• Risk assessment
• Data backup procedures
• Information security incident reporting
CFS aims to achieve specific, defined information security objectives, which are developed in accordance with the business objectives, the context of the organization, the results of risk assessments, and the risk treatment plan. All Employees/Staff of CFS and certain third parties (when applicable or appropriate) are expected to comply with this policy and with the ISMS that implements this policy, now and in the future. All Employees/Staff, and certain third parties, will receive appropriate training. The ISMS will be subject to continuous, systematic review and improvement.