Discover new ways to be yourself Qurio Experiences
Make your Qurio Experience Personal Localisation & Currency Options
(£) GBP (Default)
- (€) EUR
- ($) USD
Information Security Policy Dec 16 2020 for The Leadership Festival Trading as Qurio
As the world around us becomes more complex and disruptive, yet more connected than ever before; much of our data and information is increasingly accessible to a wider audience, and with that comes wider risks.
This policy is central to our sense of right: we secure information because it is lawfully and morally right.
The purpose of this Policy is to appropriately safeguard information, data and those systems belonging to, or are the responsibility of, The Leadership Festival and its stakeholder (such as consultants, third parties, business partners, clients or customers and the general public), within a secure environment, whether physical or virtual.
This Policy informs ‘users’: those with access to The Leadership Festival’s data, information and associated facilities, of the principles governing the holding, use and disposal of data, information and systems processing them.
The terms ‘Information’, ‘Data’ and systems are interchangeable and intended to apply equal and broad protections to each defined and protected by laws, regulations, best practices and guidance.
The Information Policy goals of The Leadership Festival are, where appropriate and possible to adequately ensure:
Confidentiality Integrity and Availability of information / information systems is maintained.
Information will be protected against unauthorised access, misuse or abuse.
Appropriate Business Continuity planning such as Back Ups will be maintained
Appropriate physical, logical, environmental and communications security will be maintained.
Data is kept to a minimum to achieve the goals it is intended for. When information is no longer of use, it is appropriately disposed of or returned securely.
Information security incidents, and/or discovered or notified misuse will be managed.
Information or Data relates to the following assets, whether owned by, or the responsibility of The Leadership Festival or those having access to data, information or systems:
The Leadership Festival requires all users to exercise a duty of care when using its data, information or systems.
Ownership & Accountability
Accountable ownership of ‘Information’, ‘Data’, Systems and this policy remains at all times with The Leadership Festival, and must ensure the following underlying principles are in place:
Systems are adequately and cost-effectively protected from unauthorised access, theft and damage.
Adequate Business Continuity commensurate with data, information and information system importance and by backing up data, data can be recovered in the event of loss of the primary source (Disaster Recovery).
Data is maintained to an appropriate degree of Confidentiality, Integrity and Availability.
That any parties entrusted with The Leadership Festival data understand their security responsibilities, primarily through this Information Security policy.
Accountable owners can be authorised users.
Responsibility for supporting this policy and underlying principles is that of authorised users accessing The Leadership Festival’s data and information.
Authorised Users & Responsibilities
All users of The Leadership Festival information, data and systems must be authorised by an appropriate person or process authorised by those owning The Leadership Festival. Users must ensure:
All assets processing data or information must be secured by appropriate technical and/or logical means or controls such as: codes, encryption, passwords, and PINs and not shared. Users remain responsible for keeping such technical and logical access means confidential and up to date.
Processing data and information must use appropriately secure locations so that data Confidentiality, Integrity, Availability and resilience or recovery is appropriate and possible. For example, not using Desktop and/or similar unsecure personal drives or devices.
Equally assets processing data or information must be secured by appropriate physical controls such as secure storage and precautions.
Pay due, diligence, skill, care and attention to protect The Leadership Festival’s information in their possession. Particular care should be taken in a public space (such as eavesdropping), or in a shared space such as Working from Home ‘WFH’.
Confidential, personal or private information must not be copied or transported in any form (‘hard’ or ‘soft/electronic’) without considering: The Leadership Festival permission, risks of compromise, loss or falling into the wrong hands, and how the information will be secured during transport and at its destination.
Acceptable use of data, information and systems
Access to The Leadership Festival data, information and systems is permitted for only business purposes.
Use of The Leadership Festival’s data, information and systems by authorised users will be lawful, honest and decent and take account of others’ rights, sensitivities and protections.
Authorised users have no privacy where using The Leadership Festival data, information or information systems.
The Leadership Festival may access or monitor personal data contained in any The Leadership Festival information system (mailboxes, web access logs, file-store, etc).
Any individuals in breach of this policy can be subject to remedial and legal action as appropriate.
Maintenance & Guidance
The Leadership Festival ensures that an appropriate person is responsible for maintaining and implementing this policy.
Changes to this policy & our contact details
We review this policy to remain compliant. If you have queries about this policy, contact The Leadership Festival firstname.lastname@example.org