Information Security Policy
At Collective Minds, information is fundamental to everything we do, from delivering our services, to serving our customers, to making effective decisions. We are proud of our commitment to protecting all of our data as part of a business continuity strategy, risk management, and ongoing efforts to promote a culture of information security.
This policy document describes the Information Security Management System (or ISMS) that our Collective Minds uses. Anyone in Collective Minds (or at key positions at suppliers) that is handling confidential or sensitive data should be aware of this policy and act in accordance with it.
Furthermore, if anyone observes something in our company that is not in line with this policy, he or she should report this immediately. This can be done either by informing our information security officer (CISO – firstname.lastname@example.org), our Data Protection Officer (DPO – email@example.com) or to any member of the security team.
The entire management team of our company has been involved in creating this policy and is fully committed to making sure we are compliant.
Collective Minds implements an Information Security Management System (ISMS) as part of our overall Quality Management System to enable us to identify and minimize the risks to which information is exposed. In addition, the system establishes a culture of information security and ensures compliance with applicable legal, contractual and other requirements imposed by our clients and interested parties.
A fundamental aspect of the policy is the implementation, operation and maintenance of an ISMS based on ISO 27001 covering the scope Management and development of web applications for medical purposes.
Basic aspects of Collective Minds’ information security policy:
- Ensuring the confidentiality, integrity and availability of the information.
- Comply with all applicable legal requirements.
- Establishment of a continuity plan allowing for swift recovery from any disaster.
- Train and educate all employees on information security.
- Properly manage all incidents as they occur.
- All employees are informed of their information security duties and obligations and are responsible for fulfilling them.
- Communicate to all Collective Minds staff and anyone who works on their behalf the mandatory compliance with this Policy, including contractors and visitors to our facilities.
- There is a security officer in charge of the organization’s information security management system (ISMS).
- Continuously improve the ISMS and, therefore, the organization’s information security.
Chief Information Security Officer (CISO)