Classification	Public
Location	https://www.medcrowd.com/compliance/iso27001/policies/InternalOrganisation
Author	Paul Gardner
Approver	Felix Jackson
Approved	14th December 2016

Introduction

This policy is part of the medDigital ISMS and must be fully complied with.

This policy establishes the management framework to initiate and control the implementation and operation of information security within medDigital.

Roles & Responsibilities

Role	Responsible Person
ISMS Policy Management	Paul Gardner
Security Manager	Paul Gardner
System Security	Paul Gardner
Network Security	Paul Gardner
Disaster Recovery	Paul Gardner

Segregation of Duties

As a relatively small company with limited personnel, effective segregation of security-related duties is not feasible. To mitigate this, all servers have an intrusion detection system which, in addition to intrusion detection, monitor key system events. To mitigate against the wilful destruction of those logs, a copy of the event is emailed to an internal list in real-time.

Contact with authorities

medDigital maintains contact with the following authorities:

Authority	Contact
National Fraud & Cyber Crime Reporting Centre	+44 (0)300 123 2040
Information Commissioner's Office	+44 (0)303 123 1113
National Crime Agency	+44 (0)370 496 7622

Contact with special interest groups

medDigital maintains contact with the following special interest groups:

Group	Contact
United States Computer Emergency Response Team (CERT)	+1 888 282 0870 soc@us-cert.gov
AWS Security Bulletins	https://aws.amazon.com/security/security-bulletins/

Information security in project management

Information security should be considered for every project, regardless of the type of project.

Responsibilities

Project Leads are responsible for ensuring that an information security representative is attached to the project at an early stage.