Wheatley is committed to implementing and operating an appropriate Information Security Management System in full compliance with ISO 27001:2013, formed of policies, processes and controls to maintain the confidentiality, integrity and availability of its, and its customers’, information and information processing facilities. The primary objective of the management system is to ensure that Wheatley fulfils all its information security obligations to customers and other interested parties.
The Information Security Management System provides the framework and sets the objectives for identifying and controlling risks to information security through the implementation of operational controls and continuous improvement, thus maximising our potential to fulfil all information security obligations to customers and other external parties, such as suppliers and business partners. It provides all interested parties and customers with the confidence that their information and information processing facilities shall be kept appropriately secure whilst under the control of Wheatley.
We recognise that our business relationships require on-going commitment to achieving business excellence at every level of Wheatley and its supply chain. Wheatley actively strives to continually deliver a high level of service and customer satisfaction and to protect both Wheatley’s and customers’ assets from threats whether internal, external, accidental or deliberate.
Wheatley senior management ensure the company protects information in terms of:
- Confidentiality – ensuring only authorised persons have access to information.
- Integrity – ensuring the validity, accuracy and completeness of information.
- Availability – ensuring information, software solutions and systems can be accessed by authorised persons when needed.
- Regulation – ensuring all applicable laws and regulations regarding UK businesses and the utilities sector are adhered to as a minimum standard within the Information Security Management System.
In particular, senior management will ensure that the policies that make up the Information Security Management System apply to all staff, contractors, suppliers and visitors, to maintain the availability, integrity and security of information within Wheatley’s premises, infrastructure, products and customer contracts. The policies are subject to regular awareness communication, training where appropriate and monitoring and review to check applicability, effectiveness and adherence.
Where non-conformities within the management system are observed, senior management will ensure that the appropriate corrective action is applied in a timely manner and the effectiveness of any actions is monitored until the non-conformity has been fully removed. This includes process changes, organisational changes and any disciplinary sanctions required.
It is the senior management team’s responsibility to continually monitor and mitigate risk, as a fundamental part of the management system, to protect all types of information belonging to Wheatley and our customers.