Information Security Policy
Approach
Communisis as a group views information and the supporting processes, systems and networks as being critical to the way in which it works. Individual locations within the group have their own information security policies and procedures designed to meet the specific requirements of their areas of operation. These take into account British Standards, International Standards and other relevant legislation including the Data Protection Act. These policies and procedures are specifically benchmarked against ISO/IEC 27001:2005. These are used by Communisis and its suppliers as a baseline for the development of information security management in all areas, from personnel security through physical and environmental security to business continuity management. Everyone is encouraged to take this into account as an important part of their normal working activity.
Scope
All manufacturing sites within Communisis are contractually obligated to obtain certification to ISO/IEC 27001:2005 due to the nature of the work carried out. Other areas of the group are required to operate to the requirements of ISO/IEC 27001:2005. Information security policies and systems are locally managed, taking into account the local business needs. Where appropriate, suppliers will also be subject to certification.
The Communisis approach to information security also applies to the management of the supply chain. It requires those responsible for negotiating and managing suppliers to ensure that appropriate security requirements are included in contracts, and that the service provider is able to deliver acceptable levels of service to Communisis.
Reference
- ISO/IEC 27001:2005 - Information Technology - Security Techniques - Information Security Management Systems - Requirements
- ISO/IEC 27002:2005 (was ISO/IEC 17799:2005) - Security Techniques - Code of Practice for Information Security Management
- BS 25999-1:2006 - Code of practice for business continuity management
- Payment Card Industry – Data Security Standard v 1.1
- APACS Standards
- COBiT 4.1
Susan Ashton – Group Information Security Manager
Version 5, Issue 4
Created May 2007 – Updated Aug 2008