Information Security Management System (ISMS) Policy

Policy Title: Information Security Policy
Effective Date: 1 July 2025
Policy Owner: Executive Committee
Responsible Officer: Stuart Page – Executive Team
Endorsed By: Board of Directors
Review Cycle: Annual

1. Purpose and Scope

Bare Media is committed to safeguarding customer and employee data throughout the printing lifecycle, from receipt and handling through to post-production storage and disposal. This policy outlines the framework for maintaining confidentiality, integrity, and availability of information, in compliance with ISO 27001:2022 standards. It applies to all staff, contractors, and third parties with access to Bare Media’s data and systems.

2. Information Security Commitment

Bare Media integrates information security into its core management function and operations. The organisation will:
  1. Protect data against unauthorised access, loss, alteration, or misuse
  2. Comply with all relevant legal, regulatory, and contractual obligations
  3. Implement and continually improve its ISMS and risk management practices
  4. Monitor objectives, incidents, and effectiveness to ensure policy relevance
  5. Promote awareness and assign responsibility at all organisational levels

3. Security Controls and Responsibilities

Bare Media enforces protective measures including:
  • Secure authentication and password protocols
  • Advanced real-time threat detection and prevention
  • Encryption for stored data
  • Controlled access via approved company-issued devices
  • Mandatory reporting of incidents and suspected breaches

All personnel and authorised third parties must:
  • Understand and apply classification levels when handling information
  • Access data strictly for business purposes, and prevent unauthorised use or disclosure
  • Follow procedures for secure storage, use, and disposal of sensitive media
  • Participate in regular training and awareness programs

Failure to comply may result in disciplinary action.

4. Policy Governance and Review

This policy is supported by related documents including:
  • BARE02 – IT Operating Policies
  • BARE06 – Information Security Objectives & Targets

The Executive Committee is responsible for reviewing this policy, its supporting frameworks, and associated objectives at least annually. Evaluation criteria will include:
  • Staff and contractor awareness of ISMS and QMS requirements
  • Clarity of assigned responsibilities
  • Effectiveness of implementation, incident response, and ongoing maintenance