Information Security Policy Statement
Keeping Organizational Information & PII Secure
Enable ISO recognizes that through the day-to-day operation of its business, we have an impact on our internal and external environment.
Also, we ensure that due consideration is given to the potential impact that information and privacy security aspects may have on the operation of our core processes.
As a result, Enable ISO has established this Information Security Policy Statement, to communicate awareness and understanding of data protection throughout the business.
Enable ISO has implemented this policy statement to provide guidance to all interested parties on our approach to managing personal information throughout our organization, with full consideration for our obligation toward relevant data protection legislation, including EU-GDPR.
The company management system has been developed to include appropriate measures determined by the ISO 27001 Standard.
To ensure that all relevant interested parties have a clear understanding of our approach to information and privacy security management, we have adopted the following definitions for the term “information security”:
The preservation of confidentiality, integrity and availability of information. (ISO 27000:2018, Clause 3.28)
The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this. (Oxford Languages)
For the purposes of conformity to EU-GDPR, information security management extends to cybersecurity and privacy protection.
Enable ISO has appointed Phil Byrne to develop and implement company initiatives to help us achieve our information and privacy security objectives.
Their role will also involve communicating information security policies to all interested parties through the delivery of internal presentations and promoting awareness externally as appropriate.
While Enable ISO ensures that all personnel consider process-related Information & Privacy Security impacts, we have also identified the following aspects for particular attention:
Enable ISO ensures that we meet relevant regulatory requirements and minimise any adverse Information & Privacy Security effects caused as a result of our activities,
That we raise awareness, provide knowledge and support to employees on Information & Privacy Security management,
Give training on the importance of protecting business and customer information throughout our business,
Promote an awareness of Information & Privacy Security objectives,
Regularly review our Information & Privacy Security practices and policy in accordance with the principles of ISO 27001,
Establish performance objectives, targets and management programmes to achieve these.
Where appropriate, Enable ISO has determined specific mechanisms to control how personal data is managed throughout operational and support processes, based on the following precepts with consideration for Article 5 of the GDPR directive (Principles relating to the processing of personal data):
That personal information gathered is only done so for the legitimate purposes of our business, including where necessary, legal and regulatory purposes,
Only the minimum amount of information necessary for effective operations is processed,
Where Enable ISO requires that children’s information is processed, training is provided to personnel involved so that they are aware of the relevant vulnerabilities and controls,
Where necessary to collect information directly from children, additional control measures are in place to ensure adequate protection,
Enable ISO ensures that we only process relevant and adequate personal information throughout operations,
That personal information is processed in a fair and lawful manner,
Enable ISO maintains an inventory of categories of personal information processed by the organization,
That all personal information is kept accurate and up-to-date,
All personal information is only retained for as long as is necessary for legal or regulatory reasons or for legitimate organizational purposes, ensuring its timely and appropriate disposal,
That in all circumstances, the rights of natural persons to their personal information are respected,
Adequate resources have been allocated to ensuring that all personal information processed and stored by Enable ISO is done so in a secure operational environment,
That transferring personal information outside our national boundary is only done in circumstances where it can be adequately protected,
Where we are providing our goods and services to EU citizens across national boundaries, Enable ISO ensures that appropriate regulatory aspects are addressed,
Enable ISO does not currently carry out any operations where the application of the various exemptions allowable by data protection legislation is required,
We have developed our management system to provide for the formal management of personal information, which provides for all measures documented herein,
Enable ISO has identified internal and external interested parties and the degree to which they are involved in the governance of the organization’s management system relevant to personal information,
Top management has appointed management representatives with specific responsibility and accountability for personal information within the management system,
Appropriate records of processing of personal information are maintained throughout operations.
All risk assessments are carried out with the main objective being to manage the confidentiality, integrity and availability of company information and systems.
Management has developed and approved the Organizational Risk & Business Continuity Management Policy Statement to provide an overview of the Enable ISO methodologies for risk assessments, risk treatments, incident response and business continuity.
All relevant personnel are provided with the necessary resources to prepare for and respond to potential threats to information security, with regular testing and evaluation of our incident response and business continuity planning, for continual suitability and effectiveness.
Enable ISO has implemented an Internal Audit Programme to ensure the ongoing suitability, conformity and continual improvement of the management system.
The management system has the full support of all interested parties.
Information and privacy security aspects are considered at our management meetings, where the results of internal audits and risk assessments are considered for continual suitability and effectiveness.
All operational and support processes are within the scope of the management system. Relevant personnel have been provided with a copy of this document, and it remains available in the Enable ISO document system for further reference.
