Information Security

The Information Security Management System (ISMS) Policy of ESA Risk is to determine, agree and conform to our clients' needs and expectations, whilst fulfilling the requirements of British Standard, European Standard and the International Organisation for Standardisation (BS EN ISO) 27001:2022 and statutory law.

We recognise that, to be competitive and maintain good economic performance in the risk management and investigations market, we must employ management systems that continually improve the information security of our products and services, which in turn increases the satisfaction of our interested parties.

The key objectives of BS EN ISO 27001 are that the Management System provides:

  • ESA Risk, incorporating senior representatives from all departments, is charged with the management and approval functions associated with the ISMS.
  • ESA Risk is charged with establishing and continually improving the ISMS.
  • ESA Risk will provide the framework for setting objectives and establishing an overall sense of direction of principles for action with regard to security.
  • The ISMS will take into account business and legal or regulatory requirements and contractual security obligations.
  • The approach to information security will be based on risk, as per the BS EN ISO 27001:2022 standard and best practice.
  • The ISMS procedures will establish risk evaluation criteria that are aligned with the current ESA Risk approved corporate strategic risk management procedures and policies.
  • The creation of the ISMS will include listing all information assets and the security risks that may arise for each. The resultant information will inform us of prospective mitigation priorities.
  • We will periodically review the company’s current practices, policies and guidance to recommend any changes or improvements to ensure we apply appropriate security measures.
  • We are conscious that the motivation of our employees is dependent on their training and understanding of the tasks they are expected to perform. It is part of our ongoing training programme that this policy is communicated and understood at appropriate levels in the company.

Information security is the responsibility of all employees of the company.

Mike Wright, CEO

ESA Risk Ltd

14th November 2024
