Information Security
Scope:
This policy covers Panacea’s approach to Information Security management.
Policy:
Panacea is dedicated to maintaining the highest levels of information security to ensure the protection of the subscriber and their business information. It aims to analyse, monitor and minimise risk to all our stakeholders.
We aim to protect the confidentiality, integrity and availability of customer data and all information on our systems, in line with our Privacy Policy (https://www.panacea-software.com/privacy-policy).
Panacea maintains an Information Management system which meets, and continues to meet, the requirements of ISO 27001:2013.
Panacea’s Responsibilities:
To ensure that our systems, data and networks are constantly updated and improved to minimise information security risk.
To ensure that these information assets are available only to appropriate, authorised users.
To maintain a secure development cycle, including both automated and manual testing to ensure that each software component is fit for purpose. For example, we use regression testing to analyse the security and integrity of existing functionality.
To maintain firewalls for our systems and keep them up to date.
To monitor and ensure 99.9% uptime and availability of software.
To ensure that we use only reliable and accredited sub-contractors.
To conduct annual penetration testing, using a certified third party, in order to minimise risk from hackers.
To manage the safety and security of office premises, infrastructure and office assets.
To conduct regular staff training and maintain knowledge of user roles, access rights and IS requirements.
To use secure multi-factor authentication and restrict access to information and applications.
To consistently satisfy customers’ and other interested parties’ Information Security requirements.
To provide the appropriate organisation and resources, employ the appropriate people, and where applicable to use reliable sub-contractors in order to ensure protection of information and other assets to fulfil stakeholders’ requirements effectively, efficiently, responsibly and securely.
To continually review and monitor all aspects of business operations to identify opportunities for improving Information Security controls.