Information Security Management Policy

Information is the currency of our time. 

It is Cloud Gateway’s policy to maintain an Information Security Management System designed to meet the requirements of the ISO 27001:2013 Standards in pursuit of its primary objectives, purpose and the context of the organization.

Cloud Gateway provides satisfaction to all customers, stakeholders and interested parties whenever possible, meeting and exceeding expectations. Customer service is an essential part of the process; therefore, the organization provides all employees with training to ensure awareness and understanding of information security.

Cloud Gateway ensures the details of this policy are known to all internal and external interested parties; where appropriate and determine the need for communication and by what methods.  These include but are not limited to customers and suppliers and their requirements as documented in contracts and specifications.

Cloud Gateway complies with all legislation, regulations, codes of practice and all other requirements applicable to their activities.

Cloud Gateway provides all resources; inclusive of equipment, trained and competent staff and any other requirements to enable defined information security objectives to be met.

Cloud Gateway ensures that all employees are made aware of their individual obligations in respect of this information security policy.

Cloud Gateway maintains a management system that will achieve the company’s objectives and seek continual improvement in the effectiveness and performance of the management system based on “risk”.

Cloud Gateway has set information security objectives using the SMART (Specific, Measurable, Achievable, Realistic and Timed) principles. Objectives are planned and documented; inclusive of how each is to be achieved and actions required. Subsequently, the objectives are regularly monitored and reviewed. 

To ensure the company maintains its awareness for continuous improvement, the Information Security Management System is regularly reviewed at planned intervals the Senior Management Team to ensure it remains appropriate and suitable to the business. The Management System is subject to both internal and external audits; as appropriate.