Policy Title: Information Security Policy
Effective Date: 1 July 2025
Policy Owner: Executive Committee
Responsible Officer: Stuart Page – Executive Team
Endorsed By: Board of Directors
Review Cycle: Annual
1. Purpose and Scope
Bare Media is committed to safeguarding customer and employee data throughout the printing lifecycle, from receipt and handling through to post-production storage and disposal. This policy outlines the framework for maintaining confidentiality, integrity, and availability of information, in compliance with ISO 27001:2022 standards. It applies to all staff, contractors, and third parties with access to Bare Media’s data and systems.
3. Security Controls and Responsibilities
Bare Media enforces protective measures including:
- Secure authentication and password protocols
- Advanced real-time threat detection and prevention
- Encryption for stored data
- Controlled access via approved company-issued devices
- Mandatory reporting of incidents and suspected breaches
All personnel and authorised third parties must:
- Understand and apply classification levels when handling information
- Access data strictly for business purposes, and prevent unauthorised use or disclosure
- Follow procedures for secure storage, use, and disposal of sensitive media
- Participate in regular training and awareness programs
Failure to comply may result in disciplinary action.
4. Policy Governance and Review
This policy is supported by related documents including:
- BARE02 – IT Operating Policies
- BARE06 – Information Security Objectives & Targets
The Executive Committee is responsible for reviewing this policy, its supporting frameworks, and associated objectives at least annually. Evaluation criteria will include:
- Staff and contractor awareness of ISMS and QMS requirements
- Clarity of assigned responsibilities
- Effectiveness of implementation, incident response, and ongoing maintenance.