XDS’s objective is to be recognised as a trusted custodian of information, particularly information supplied by subscribers, in all the markets it operates in. This information security policy (ISS) plays an integral part in XDS’s objective of safeguarding all information in its possession.
Information Security Mission
XDS pledges that it will maintain a responsible approach to information security, in the line with best industry practice, complying with the relevant legislation, regulatory requirements and will at all times safeguard the confidentially, integrity and availability of customer and Company assets. In implementing specific security measures XDS will:
- Permit the collection, use, disclosure and modification of information only in line with genuine business requirements, legal, regulatory and contractual obligations.
- Protect the copyright of XDS, customer and other licensed software.
- Maintain the privacy of all personal and customer information.
- Take active steps to establish the bona-fides of persons requesting access to information, both within and without XDS.
- Ensure that security is commensurate with the value of the information being protected – reflecting the cost of exposure to both XDS and its customers.
- Actively monitor access to information, to identify breaches of security policy, and institute disciplinary proceedings where appropriate.
- Safeguard information and systems against destruction or other denial of use.
Information Access Philosophy
All access to information by staff, customers and other third parties will be provided on the “need to know” principle basis, that it is in line with an approved business function, and necessary to the successful completion of that function.
Information Security Policy Objectives
- To ensure that all data entrusted to XDS is secure, safe and guarded against any misuse by internal or external parties.
- To protect XDS and its customers against direct or indirect financial loss incurred through breaches of information security.
- To protect the commercial interests of XDS by ensuring all access to information is through approved channels and by safeguarding the copyright of proprietary systems.
- To demonstrate XDS’s commitment to the highest professional and industry standards.
- To ensure that all staff are aware of their responsibilities for information security, and fully comply with them.
- To ensure that XDS products and systems incorporate appropriate security and integrity controls.
- To establish clear accountability for all information systems based activity.
Scope of Information Security Policy
The Policy applies to all XDS employees and contractors, irrespective of geographic location. The principles of the Policy are mandatory, except where they might conflict with specific legislation in overseas offices.
Any persons requiring access to information will be required to adhere to the general principles of the Policy. The will, in addition, be covered by specific written agreements which will define the nature and scope of their access, and the other security provisions with which they must comply.
The term information refers to any products or data generated, collected, stored or distributed on XDS computer systems or that of its agents; in addition, it includes the translation of that data or program code onto any other medium.