1.1. Scope

This policy applies to all information processed and maintained by Lancashire Women utilised in all its operational activities regardless of its format, including but not limited to;

  • Client, commissioner, subcontractor and partner information and reports
  • Operational plans, records and memos
  • Employee and volunteer records

All operational systems used to store, process and transmit information in support of Lancashire Women's business and charitable operations.

All employees and third parties that provide services to Lancashire Women with access to information assets.

1.2. Policy

To protect the information assets processed and maintained by Lancashire Women from all appropriate threats and vulnerabilities. To ensure the impacts of threats to the operational business are controlled and business continuity is maintained, compliance with this policy is required.

The Board of Trustees of Lancashire Women accept their responsibilities to be accountable for information security in support of this policy and are committed to;

  • Ensuring information security is treated as a business-critical objective.
  • Developing a culture of security awareness.
  • Managing risk and implementing controls proportionately.
  • Requiring individual responsibility for compliance with information security policies, as well as supporting processes and procedures.
  • Protection of personal data in line with current data protection legislation.

1.3. Commitment

Lancashire Women is committed to the development and continual improvement of Information Security and Data Protection and its supporting information security program, to provide

  • Assurance with legal, regulatory, and contractual obligations
  • Reputation management
  • Protection of critical assets

1.4. Objective Framework

Security objectives are defined in alignment with business strategy and goals. Goals will be defined using the SMART methodology.

1.5. Risk Strategy

Lancashire Women shall follow a balanced risk strategy to manage risk appetite, to ensure that high risks are mitigated appropriately, and unnecessary expensive and bureaucratic controls are not implemented.

Risk assessment, management and acceptance will be clearly defined to enable this strategy.

1.6. Approval

This policy has been reviewed and approved by Senior Management and issued to all employees

Date Published: 25/11/2021
Version 3.1