Information Technology Coalition (ITC) has established an information security policy which is designed to protect the confidentiality, integrity and availability of systems and information assets that contain ITC information by preventing and reducing the potential impact of security incidents. ITC manages assets and the risks to those assets and maintains an Information Security Management System (ISMS) in accordance with ISO 27001. Computer information systems and networks are an integral part of business at ITC. The company has made a substantial investment in human and financial resources to create these systems.
ITC’s policies and directives have been established to ensure that:
- ITC’s information assets are safeguarded against internal, external, deliberate or accidental threats.
- Information assets are protected from unauthorized access
- Confidential and other information such as Personally Identifiable Information (PII) will be properly maintained and controlled
- Services and information assets are managed to support their integrity
- Services that enable the availability of information assets will be managed in accordance with ITC’s services
- Continuity of Operations Plans and tests are maintained to support the availability and return-to-service of assets in case of unforeseen circumstances
- Regulatory, legislative, and contractual commitments related to information security are met and supported by methods to capture and review emerging requirements
- Information Security orientation and training is provided to all employees to reduce the likelihood of security incidents
- All information security breaches, incidents or events are to be reported directly to ITC immediately.