Info Security Policy

1. Purpose of Policy

The Red Fox Group (the Organisation) develops software and provides consultancy services for customer relationship, stakeholder, and campaign management as well as website development.

In providing services to our clients, the Organisation has access to their information, and expects all employees and contractors to have a clear understanding of their information security obligations. The Organisation also has its own information much of which needs to be secured to enable the business to operate effectively.

2. Information Security Management System

To assist us in assuring our information security performance, the Organisation is committed to the implementation, maintenance and continual improvement of our Information Security Management System. The Organisation will assure the ISMS through seeking compliance with and certification to ISO 27001:2013.

2.1 Information Security Management System

To assist us in assuring our information security performance, the Organisation is committed to the implementation, maintenance and continual improvement of our Information Security Management System. The Organisation will assure the ISMS through seeking compliance with and certification to ISO 27001:2013.

2.1.1 Confidentiality

Ensuring that information is not made available or disclosed to unauthorised individuals, entities or processes, we aim for:

  • 0 data breaches
  • No reported incidents of sharing of confidential corporate information

2.1.2 Integrity

Maintaining the consistency, accuracy, and trustworthiness of information over its entire life cycle, we aim for:

  • 0 information integrity issues affect our clients

2.1.3 Availability

Ensuring that information is both accessible and usable upon demand by an authorised party, we aim for:

  • 99.5% up time for our applications
  • 0 loss availability from 7:00am to 9:00pm in the Australian and New Zealand markets

3. Commitment

The Organisation is committed to ensuring that its ISMS is capable of meeting owners’, clients’ and legal requirements for information security. To achieve this end, The Organisation is fully committed to the recruiting and skilling of its staff to deliver information security outcomes that are consistent with our risk appetite.