Information Security Policy

Information Security Policy Dec 16 2020 for The Leadership Festival Trading as Qurio

1. Our Policy Statement

As the world around us becomes more complex and disruptive, yet more connected than ever before, much of our data and information is increasingly accessible to a wider audience, and with that come wider risks.

This policy is central to our sense of right: we secure information because it is lawfully and morally right.

2. Policy Purpose

The purpose of this Policy is to appropriately safeguard information, data and systems that belong to, or are the responsibility of, The Leadership Festival and its stakeholders (such as consultants, third parties, business partners, clients or customers and the general public), within a secure environment, whether physical or virtual.

This Policy informs ‘users’ (those with access to The Leadership Festival’s data, information and associated facilities) of the principles governing the holding, use and disposal of data, information and the systems processing them.

The terms ‘Information’, ‘Data’ and ‘Systems’ are used interchangeably and are intended to apply equal and broad protections to each, as defined and protected by laws, regulations, best practices and guidance.

To that end, we all ensure that this policy encourages a culture of privacy by design and default, in line with Our Privacy Policy.

3. Policy Goals

The Information Policy goals of The Leadership Festival are, where appropriate and possible, to adequately ensure:

Confidentiality, Integrity and Availability of information / information systems is maintained.

Information will be protected against unauthorised access, misuse or abuse.

Appropriate Business Continuity planning, such as Back Ups, will be maintained.

Appropriate physical, logical, environmental and communications security will be maintained.

Data is kept to a minimum to achieve the goals it is intended for. When information is no longer of use, it is appropriately disposed of or returned securely.

Information security incidents, and/or discovered or notified misuse will be managed.

4. Information Security & Data Protection Policy Scope

Information or Data relates to the following assets, whether owned by, or the responsibility of, The Leadership Festival or those having access to data, information or systems:

  1. Electronic information systems and assets: software, applications (‘apps’), computers, laptops and peripherals, premises or facilities, phones and tablets (including ‘smart’ devices) wherever they are deployed, accessed or connected, i.e. remotely, including Working From Home ‘WFH’.
  2. The Leadership Festival’s computer network used either directly or indirectly, including access from other networks.
  3. Hardware, software, data and information owned by, processed by, or controlled by The Leadership Festival or authorised persons with access, i.e. consultants and those carrying out administration duties.
  4. ‘Hard Copy’ materials such as paper or ‘Soft Copy’ electronic data, including electronic recording devices such as video, audio and videoconferencing facilities and recordings.
  5. Intellectual Property Rights including but not exclusively copyrights, patents, trademarks, and trade secrets.
  6. Any of The Leadership Festival information where confidentiality is self-evident by its nature such as financial information.

5. The Information Security Policy

The Leadership Festival requires all users to exercise a duty of care when using its data, information or systems.

Ownership & Accountability

Accountable ownership of ‘Information’, ‘Data’, Systems and this policy remains at all times with The Leadership Festival, which must ensure that the following underlying principles are in place:

Systems are adequately and cost-effectively protected from unauthorised access, theft and damage.

Adequate Business Continuity is in place, commensurate with the importance of the data, information and information systems; by backing up data, data can be recovered in the event of loss of the primary source (Disaster Recovery).

Data is maintained to an appropriate degree of Confidentiality, Integrity and Availability.

Any parties entrusted with The Leadership Festival data understand their security responsibilities, primarily through this Information Security Policy.

Accountable owners can be authorised users.

User Responsibility

Responsibility for supporting this policy and underlying principles is that of authorised users accessing The Leadership Festival’s data and information.

Authorised Users & Responsibilities

All users of The Leadership Festival information, data and systems must be authorised by an appropriate person or process authorised by those owning The Leadership Festival. Users must ensure:

All assets processing data or information must be secured by appropriate technical and/or logical means or controls such as codes, encryption, passwords and PINs, which must not be shared. Users remain responsible for keeping such technical and logical access means confidential and up to date.

Processing data and information must use appropriately secure locations so that data Confidentiality, Integrity, Availability and resilience or recovery are appropriate and possible. For example, by not using Desktop and/or similar unsecured personal drives or devices.

Equally, assets processing data or information must be secured by appropriate physical controls such as secure storage and precautions.

Pay due diligence, skill, care and attention to protect The Leadership Festival’s information in their possession. Particular care should be taken in a public space (for example, against eavesdropping), or in a shared space such as Working from Home ‘WFH’.

Confidential, personal or private information must not be copied or transported in any form (‘hard’ or ‘soft/electronic’) without considering: The Leadership Festival’s permission, risks of compromise, loss or falling into the wrong hands, and how the information will be secured during transport and at its destination.

All those with access to information, data and systems must act in a manner that supports the principles of Our Privacy Policy.

Acceptable use of data, information and systems

Access to The Leadership Festival data, information and systems is permitted only for business purposes.

Use of The Leadership Festival’s data, information and systems by authorised users will be lawful, honest and decent and take account of others’ rights, sensitivities and protections.

Authorised users have no privacy when using The Leadership Festival data, information or information systems.

The Leadership Festival may access or monitor personal data contained in any of The Leadership Festival’s information systems (mailboxes, web access logs, file-store, etc.).

6. Enforcement

Any individuals in breach of this policy can be subject to remedial and legal action as appropriate.

7. Policy Maintenance, Guidance & Change

Maintenance & Guidance

The Leadership Festival ensures that an appropriate person is responsible for maintaining and implementing this policy.

Changes to this policy & our contact details

We review this policy to remain compliant. If you have queries about this policy, contact The Leadership Festival at admin@theleadershipfestival.org.