SUPPORTED MOBILE BROWSERS
ANDROID AND IOS	Chrome Firefox
ANDROID ONLY	Android v5.0+
IOS ONLY	Safari
WINDOWS 10 MOBILE	Edge
SUPPORTED DESKTOP BROWSERS
WINDOWS AND MAC	Chrome 12+ Firefox 16+ Opera 15+
MAC ONLY	Safari 6+
WINDOWS ONLY	Edge Internet Explorer 10+

Compliance ISO 27001

Information Security Policy

Classification	Public
Location	https://www.medcrowd.com/compliance/iso27001/policies/InformationSecurity
Author	Paul Gardner
Approver	Felix Jackson
Approved	14th December 2016

Date	Author	Changes
19th June 2023	Paul Gardner	Periodic review
6th June 2022	Paul Gardner	Periodic review
16th February 2021	Paul Gardner	Periodic review
12th February 2020	Paul Gardner	Periodic review
2nd May 2018	Paul Gardner	Periodic review
14th November 2016	Paul Gardner	Moved to the web Periodic review
17th May 2016	Paul Gardner	Change location
31st July 2015	Paul Gardner	Periodic review
8th September 2014	Paul Gardner	Rebranding
3rd July 2014	Paul Gardner	Initial

Introduction

This policy is part of the medDigital ISMS and must be fully complied with.

We are committed to preserving the confidentiality, integrity and availability of information assets created by ourselves, our clients, users and suppliers.

The implementation of this policy is important to maintain and demonstrate this.

It is the policy of medDigital to ensure:

Information is protected against unauthorised access
Confidentiality of information is maintained
Information is not disclosed to unauthorised persons through deliberate or careless action
Integrity of information through protection from unauthorised modification
Availability of information to authorised users when needed
Regulatory and legislative requirements will be met
Business continuity plans are produced, maintained and tested as far as practicable
Information security training is given to all employees
All breaches of information security and suspected weaknesses are reported and investigated

Scope

This policy applies to all information assets as defined in the Asset Management Policy including:

IT Systems belonging to, or under the control, of medDigital
Information stored, or in use, on medDigital systems or in physical form
Information in transit across medDigital data networks
Control of information leaving medDigital
All parties who have access to, or use IT systems and information belonging to, or under the control of, medDigital

Application of this policy applies throughout the information lifecycle from acquisition/creation through to access, storage and disposal.

Goals

To identify through risk assessment, the value of information assets, to understand their vulnerabilities and the threats that may expose them to risk
To manage the risks to an acceptable level through the design, implementation and maintenance of a formal Information Security Management System (ISMS)
To comply with regulations and legislation
To comply with any client contractual obligations relating to information security
To comply with ISO 27001:2013

Policies

Other policies exist to support this policy which when combined form our Information Security Management System (ISMS).

Responsibilities

Paul Gardner has overall responsibility for information security and is responsible for defining policy.

All employees, contractors and suppliers adhere to the standards and follow the procedures to maintain the information security policy.

All employees, contractors and suppliers have a responsibility for reporting security incidents and any identified weaknesses as per the Information Security Incident Management policy.

Any deliberate act to jeopardise the security of information will be subject to disciplinary and/or legal action as appropriate.

Review

This policy and all policies that form part of our ISMS are reviewed annually or due to significant change, whichever occurs first.