Preservica’s standards-based (ISO 14721, OAIS) active digital preservation solution is used by leading businesses, archives, libraries, museums and government organizations globally to safeguard valuable digital records and information for decades to come.
To provide such a solution, Preservica develops software and services, directly and with business partners. The Board and management of Preservica are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organisation.
Preservica recognises that information security is key to the success of the business. Within our operations we aim to prevent and minimize the impact of security incidents in order to enhance our reputation and support business growth in line with our strategic direction.
To support the above requirements, Preservica has implemented an information security management system (ISMS) which complies with the ISO 27001:2013 standard. The ISMS details the organisation’s direction and commitment to the security of information. For this purpose, an Information Security Manager has been appointed, who will ensure that non-compliances and exceptions are handled as defined in the ISMS procedures.
The purpose of the policy is to help protect Preservica’s information assets, and those of customers or other parties while in Preservica’s control, from all threats whether internal or external, deliberate or accidental.
It is Preservica’s policy to ensure that:
This policy, and the ISMS which defines procedures to support the implementation of the policy, along with a framework for risk assessments and risk management, are a demonstration of our commitment to protect all information within the organisation, and to satisfy all the relevant requirements of the ISO 27001:2013 standard.
Preservica’s ISMS Statement of Applicability (SoA), version 1, dated 31 October 2016, which complies with Annex A of the standard, sets out the way in which the ISMS encompasses Preservica’s activities and processes that would impact on its obligations to protect data held at 22 The Quadrant, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YS or data within the control of Preservica but stored elsewhere, and all information handling assets deemed to have a significant information security risk, up to the point at which the information is received by its intended recipient.
ISO 27001 applies to our standard products and the hosting of such products, but does not apply to bespoke products that Preservica may develop for customers. Preservica develops software to a minimum security baseline, and any additional customer security requirements are documented in individual project management plans or relevant project documents.
Preservica will manage information security to ensure that its core and supporting business operations continue to operate with minimal disruptions by securing the protection of:-
The above objectives will be met by ensuring effective operation of the ISMS, allocation of responsibility, training and awareness. Objectives, responsibilities and targets are set out and renewed at least annually.
All employees of Preservica are expected to comply with this policy and the implemented ISMS. Certain external parties identified in the ISMS are also requested to comply with this policy and, as required, such parties will receive appropriate training.
Preservica is committed to continually improving the ISMS, its working standard and the protection of information as defined in the scope. Continued improvement will take place by regular management reviews, effective communication, internal audits and independent certification to the ISO standard.
This policy is communicated, understood and applied by all employees, and is made available to relevant interested parties as appropriate.
SEC-PY01 – January 2017