top of page

Information Security Policy

Scope:

This policy covers Panacea’s approach to Information Security management.

Policy:

  1. Panacea is dedicated to maintaining highest levels of information security, to ensure protection of subscriber and business information and aims to minimise risk to all our stakeholders.

  2. We aim to protect the confidentiality of customer data and all information on our systems, in line with our Privacy Policy.

  3. Panacea maintains an Information Management system which meets, and continues to meet, the requirements of ISO 27001: 2013. 

Panacea’s Responsibilities:

  1. Ensure our systems, data and network is secure and constantly updated and improved, to minimise information security risk.

  2. Ensure these information assets are available only to appropriate, authorised users.

  3. Regularly analyse, monitor and minimise risk wherever applicable.

  4. Maintain firewalls for our systems and keep them up to date.

  5. Ensure we use only reliable and accredited sub-contractors.

  6. Conduct annual penetration testing by a certified third party to minimise risk from hackers.

  7. Manage the safety and security of office premises, infrastructure and office assets.

  8. Conduct regular staff training and knowledge of user roles, access rights and IS requirements.

  9. Use secure multi-factor authentication and restricted access to information and applications.

  10. Consistently satisfy customers’ and other interested parties Information Security requirements as specified by the adoption of best practice.

  11. Provide the right organisation and resources and employ the right people and use reliable sub-contractors, where applicable, to ensure protection of information and other assets to fulfil stakeholders’ requirements effectively, efficiently and profitably.

  12. Continually review and monitor all aspects of business operations to identify opportunities for improving Information Security controls.

bottom of page