Information Management and Security Policy
Information Management and Security Policy
1. Purpose
The purpose of this Information Management and Security Policy is to establish guidelines for managing and protecting the information assets of Quality Waste Ltd. This policy aims to ensure the confidentiality, integrity, and availability of information, thereby supporting the company's operations and compliance with legal and regulatory requirements.
2. Scope
This policy applies to all employees, contractors, and third-party service providers who have access to Quality Waste Ltd’s information systems and data, including electronic and paper-based information.
3. Policy Statement
Quality Waste Ltd is committed to safeguarding its information assets against unauthorised access, disclosure, alteration, and destruction. We will implement appropriate measures to protect the confidentiality, integrity, and availability of information throughout its lifecycle.
4. Information Classification
- Confidential Information that, if disclosed, could harm the company or its stakeholders. Examples include financial records, customer data, and proprietary business information.
- Internal Use Only Information intended for use within the company that is not classified as confidential but should be protected from unauthorised external access.
- Public Information intended for public dissemination. This category includes marketing materials and public announcements.
5. Access Control
- Authorisation Access to information will be granted based on job responsibilities and the principle of least privilege. Employees will only have access to the information necessary for their roles.
- Authentication All systems and applications must implement secure authentication methods, such as strong passwords or multi-factor authentication.
- Review Access permissions will be reviewed regularly to ensure they remain appropriate.
6. Data Protection and Privacy
- Data Handling Personal and sensitive data must be handled in accordance with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
- Data Storage Sensitive and confidential information must be stored securely, using encryption where appropriate.
- Data Disposal Information that is no longer required will be disposed of securely to prevent unauthorised access or recovery.
7. Information Security Measures
- Network Security We will implement appropriate network security measures, such as firewalls, intrusion detection systems, and secure configurations, to protect against cyber threats.
- Physical Security Physical access to information systems and storage areas will be restricted to authorised personnel only.
- Incident Management Any information security incidents or breaches must be reported immediately to the IT department and investigated promptly. An incident response plan will be maintained and tested regularly.
8. Employee Responsibilities
- Compliance Employees are responsible for complying with this policy and safeguarding information assets. They must follow all procedures for handling and protecting information.
- Training Employees will receive regular training on information security and data protection to ensure they understand their responsibilities and the importance of safeguarding information.
9. Third-Party Management
- Vendor Contracts Contracts with third-party service providers must include clauses that ensure compliance with our information management and security requirements.
- Due Diligence Third-party service providers will be assessed for their information security practices and compliance before engaging them.
10. Policy Enforcement and Compliance
- Monitoring Compliance with this policy will be monitored through regular audits and reviews of information management practices.
- Disciplinary Action Violations of this policy may result in disciplinary action, up to and including termination of employment.
11. Policy Review and Updates
This policy will be reviewed annually or in response to significant changes in legal requirements, operational practices, or information systems. Any updates to the policy will be communicated to all relevant personnel.
12. Contact Information
For questions or additional information about this Information Management and Security Policy, please contact the IT Department or the Data Protection Officer at Quality Waste Ltd.
Approved By
Quality Waste Ltd
Date 15/09/2024
Stuart
Car Leasing Provider
I recently had a fantastic experience with this company that truly prioritises its customers and is committed to recycling. Initially, I was hesitant after receiving several quotes that were all in the triple digits from other companies. However, this company offered a quote that was significantly lower—hundreds below the others—so we decided to move forward. They collected our waste on a Friday of this week, and I was impressed to receive a notification the day before with details about the vehicle, driver, and estimated arrival time. The collection itself was handled with care; their staff meticulously managed everything as it was taken from our 5th floor office building. Additionally, they provided all the necessary documentation and certificates at no extra charge. Overall, their professionalism and dedication to service made the experience excellent!
Sara
Installation Provider
Finding a reliable waste collection provider without breaking the bank was a challenge for us. We often deal with a mix of old WEEE from various jobs, and Quality Waste came through with a no-obligation quote—no aggressive sales tactics like we experienced with other companies that kept hounding us to book. We started with a small trial collection on our preferred date, and I was impressed by their professionalism throughout the process. They provided clear notifications the day before, including all the details about the collection timeframe. After everything was collected, they promptly emailed us all the necessary paperwork and certificates. I highly recommend Quality Waste for anyone in need of dependable waste collection services!
Jena
Charitable organization
As a charity with limited funds for disposing of old equipment, we faced challenges finding an affordable solution. After reaching out to several companies, all of whom quoted high fees for collecting our old PCs and laptops, we contacted Quality Waste. They offered a no-charge collection service, which was a welcome surprise. Not only did they collect our items the very next day, but they also donated funds back to us, which was incredibly generous and beneficial for our organisation. This experience couldn’t have been better for us, and I highly recommend Quality Waste for their outstanding service and support!
Matt
Office Admin
For several years, we struggled to find a company that could collect a large amount of old electrical waste from our basement, with every provider quoting us several thousand. Then we found Quality Waste. They sent a staff member to assess the job at no cost, which was a pleasant surprise. To our astonishment, they came back with a very competitive price. They even collected everything on a weekend and went the extra mile by cleaning up after they finished. I couldn’t be happier with their service and highly recommend them to anyone in need of waste collection!
Mohammed
Private Service Provider
We recently upgraded our computers, laptops, and other office equipment and had faced challenges with previous companies that would only collect the laptops and PCs, leaving everything else behind. When we reached out to Quality Waste, we sent them a photo of what we needed collected, and they offered to take everything at no cost, including free paperwork and a hard drive erase certificate. We accepted their offer, and to our surprise, the day after the collection, they informed us that they could provide a rebate for the items. We choose to donate that rebate to a charity we sponsor instead. Overall, we were extremely impressed with their service and highly recommend Quality Waste for their professionalism and generosity!