It is the policy of Clue Computing Company Ltd to maintain an information management system designed to meet the requirements of ISO 27001in pursuit of its primary objectives, the purpose and the context of the organisation.

It is the policy of Clue Computing Company Ltd to:

• make the details of our policy known to all other interested parties including external where • make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system
• comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS
• to maintain the confidentiality, integrity and availability of all information held by Clue
• to ensure that all staff engage in appropriate training and can demonstrate an inherent awareness of information security
• to demonstrate that Clue recognise the sensitivity of the client information we may collect and ensure an appropriate level of protection through the implementation of a secure development policy and a business continuity plan.
• to ensure that any unexpected threats that may impact on Clue’s ability to adequately protect client information are promptly mitigated via an appropriate incident response plan and timescale objective
• ensure that all employees are made aware of their individual obligations in respect of this information security policy;
• maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.

This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.

To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by Senior Management to ensure it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.

Scope of the Policy

The scope of this policy relates to use of the database and computer systems operated by the company in pursuit of the company’s business of providing investigation case management software. It also relates where appropriate to external risk sources including functions which are outsourced.

Clare Elford – CEO, Clue Computing Company Ltd

10th October 2022