The MTC Information Security Policy is a statement to deliver consistent services and best practice within applicable legal, regulatory and contractual boundaries to its customers, through implementing and continually improving a formal Information Security Management System (ISMS) which utilises the ISO27001 framework.
The MTC ISMS is used to manage the level of risk to MTC and its customer information assets, according to established risk criteria. These risks include: unauthorised access, breach of confidentiality, loss of integrity and lack of availability.
This document seeks to assure all interested parties of the information security of MTC manual and electronic records, computer systems, networks, devices and the data that is stored, accessed, transmitted, displayed, relayed and/or processed by these systems are assured to an acceptable security level.
Information security addresses the issues of:
- Confidentiality – ensuring the privacy of classified information through the prevention of unauthorised access to, and unauthorised use of, information; and
- Integrity – ensuring that information and programs remain unchanged unless the changes are authorised; and
- Availability – ensuring that system response times are appropriate to the business needs of the users and that service is not denied to authorised users.
The objectives of this Information Security Policy aim to:
- set out the guiding principles for establishing strategies that enable the appropriate levels of system and information confidentiality, integrity and availability to be achieved; and
- enable the development of secure information system resources that meet the business needs of MTC; and
- minimise opportunities for, and maximise the ability to detect and apply sanctions against, unauthorised and/or fraudulent use of information system resources.
This Policy is available to all MTC customers and other interested parties, and our employees are made aware of MTC commitment and the contents of this Policy.
The CEO, the ELT and MTC’s legal counsel were consulted in the development of this Policy.
The Policy has been approved by the CEO.
Version 5.0. Updated 18/08/2020.