Modality Systems

Information Security Management System (ISMS) Policy


ISMS Policy

It is the policy of Modality to maintain an information management system designed to meet the requirements of ISO 27001:2017 in pursuit of its primary objectives, the purpose and the context of the organisation. It is the policy of Modality to:

  • Make the details of our policy known to all other interested parties, including external where appropriate, and determine the need for communication and by what methods relevant to the business management system

  • Comply with all legal requirements, codes of practice and all other requirements applicable to our activities; Modality is committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS

  • Provide all appropriate resources, equipment, training and competent staff and any other requirements to enable these objectives to be met

  • Ensure that all employees are made aware of their individual obligations in respect of this information security policy

  • Maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on risk

This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets. To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by “Senior Management” to ensure it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.


Scope of the Policy

The ISMS covers the management, operation and maintenance of the information assets and information systems by the company in pursuit of the company’s business activities; providing strategic consultancy and design, deployment, end-user adoption, application development and support services to public and private sector clients. It also relates where appropriate to external risk sources including functions which are outsourced.

AS SIGNED, AS DATED

Senior Management