Introduction

Sanser Ltd Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. This document states the Information Security objectives and summarises the main points of the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure:

  1. Confidentiality i.e. protection against unauthorised disclosure
  2. Integrity i.e. protection against unauthorised or accidental modification
  3. Availability as and when required in pursuance of Sanser Ltd business objectives.

Responsibilities

  1. The Director has approved the Information Security Policy.
  2. Overall responsibility for Information Security rests with the Medical Administrator.
  3. Day-to-day responsibility for procedural matters, legal compliance including data protection, maintenance and updating of documentation, promotion of security awareness, liaison with external organisations, incident investigation, management reporting etc. rests with the Compliance Officer
  4. Day-to-day responsibility for technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external organisations, rests with the Compliance Officer
  5. All employees or agents acting on Sanser’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the ISMS Manager. Employees attending sites that are not occupied by Sanser must ensure the security of the company’s data and access their systems by taking particular care of laptop and similar computers and of any information on paper or other media that they have in their possession.
  6. The Director is responsible for drafting, maintaining and implementing this Security Policy.
  7. As with other considerations including Quality and Health & Safety, Information Security aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by Sanser Ltd.
  8. Sanser employees are advised and trained on general and specific aspects of Information Security, according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality regarding company business.
  9. Adherence to Information Security procedures as set out in Sanser’s various policies and guideline documents is the contractual duty of all employees and a clause to this effect is set out in the Organisation’s Contracts of Employment.
  10. Breach of the Information Security policies and procedures by company employees may result in disciplinary action, including dismissal.
  11. In view of the Organisation’s position as a trusted provider of quality medical reports, particular care is taken in all procedures and by all employees to safeguard the Information Security of its service users and/or clients.
  12. Agreements of Mutual Non-disclosure/Confidentiality are entered into as appropriate with third party Companies.
  13. All statutory and regulatory requirements are met and regularly monitored for changes.
  14. A Disaster Recovery/Business Continuity Plan is in place. This is maintained, tested and subjected to regular review by the Director.
  15. Further policies and procedures such as those for access, acceptable use of e-mail and the Internet, virus protection, backups, passwords, systems monitoring etc. are in place, maintained and are regularly reviewed by the Director, as appropriate.
  16. This Information Security Policy is regularly reviewed and may be amended by the Director in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Information Security Systems.

January 2024

Dr Robert C Patterson

Director : Sanser Ltd

Contact

To make an appointment or discuss any aspect of administration:

Administrator: Rachel
admin@sansermedical.co.uk
0151 545 5330

In relation to any medical aspects of a case:

Dr Rob Patterson
rob@sansermedical.co.uk
07808 469911