QCIC is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout our business in order to preserve our competitive edge, cash flow, profitability, legal, regulatory and contractual compliance and commercial image.
Information and information security requirements are aligned with QCIC goals and our Information Security Management System (ISMS) is intended to be an enabling mechanism for information sharing, for electronic operations and for reducing information related risks to acceptable levels.
Our strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an ISMS. Our risk assessments and risk treatment plans identify how information-related risks are controlled. Our Infrastructure Manager is responsible for the management and maintenance of the risk treatment plans. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.
In particular, business continuity and recovery plans, data back-up procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these are areas contained in our Information Security Manual and are supported by specific, documented policies and procedures.
We have established an Information Security Committee to support the implementation of the Information Security Management System.