PECB MS Quality and Information Security Policies
It is the policy of our organization to:
- Define and meet our Customer's requirements.
- Ensure that our Policies and Procedures are clear and concise to reflect what we actually do.
- Monitor and analyze performance metrics and make any necessary changes or adjustments as appropriate effecting Customer programs, Customer satisfaction, the Quality Management System, and/or any related entities.
- Educate all employees about the linkages between their jobs and Customer satisfaction.
- Ensure effective Customer and internal communication.
- Foster a team approach to problem solving and preventive action by empowering all employees to be quality ambassadors.
- Instill organization’s Quality Management system into the Company's culture and daily practices as a long-term commitment to quality, continuous improvement, and customer satisfaction.
- Meet and/or exceed our Customer's expectations through continuous improvement.
- Guarantee that organization’s top management meets regularly with the Quality Management representative to review and ensure the effectiveness of the Quality Management System.
Information Security Policy
- Information should always be protected, regardless of how it is formed, shared, communicated or stored.
- Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation.
- Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
- This policy applies to all departments in the organization.
Information Security Objectives
- Strategic and operational information security risks are understood and treated to be acceptable to the organization.
- The confidentiality, integrity and availability of customer information, product development and all confidential information are assured.
Information Security Principles
- This organization encourages risk-taking and tolerates risks provided that information risks are understood, monitored and treated when necessary.
- All employees will be made aware and accountable for information security as relevant to their role.
- Provision will be made for funding information security controls in operational and project management processes.
- Information security risks will be monitored and action taken when changes result in risks that are unacceptable.
- Situations that could place the organization in breach of laws and statutory regulations will not be tolerated.
- Management is responsible for ensuring that information security is adequately addressed throughout the organization. Management shall also review this policy annually, or as needed when significant changes occur in the organization, and document this review.
- Each manager is responsible for ensuring that the people who work under their control protect information in accordance with the organizations requirements.
- Every staff member has information security responsibilities as part of doing their job.