Information Security Policy

purpose the purpose of this policy is to define information security requirements, in accordance with the veterinary council of new zealand (vet council) strategic direction, in order to improve the security posture of the vet council scope this policy applies to all employees, including board members and contractors benefit this policy benefits vet council by defining a framework that will ensure appropriate measures are in place to protect the confidentiality, integrity and availability of information; and ensure employees and all other stakeholders understand their role and responsibilities; have adequate knowledge of security policy, procedures and practices and know how to protect information policy statement vet council will establish and maintain an information security governance structure that ensures data and information is identified, understood, and protected identify and manage information security risks in the information security governance structure take a risk management approach to meet vet council’s business needs while keeping information safe and secure and have a clearly defined information risk appetite understand the information security lifecycle with a process to follow to mitigate risks to information assets have delegated employees with accountability and responsibility in maintaining leadership and oversight of information security and the risks accepted by vet council establish and maintain a security awareness programme ensure all employees are provided with appropriate security awareness training to support them upholding their information security policy obligations and create a strong security culture apply a secure by design principle with standards and procedures to implement requirements in vet council’s digital assets and infrastructure ensure information security incidents or breaches are managed in accordance with an established incident management procedure establish assurance procedures to ensure the information security governance functions are fit for purpose and continually matured evidence that the information security risks are being managed effectively, including digital systems assurance review this policy should be subject to periodic review annually by the ceo to ensure relevancy related policies, standards and documents this policy acts as an umbrella document to all other security policies and associated standards this policy defines the responsibility to protect and maintain the confidentiality, integrity and availability of information this policy should be read in conjunction with the following policies, standards and documents information technology acceptable use policy privacy policy relevant legislation and regulations privacy act 2020 definitions true left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type left unhandled content type download this policy