Information Security Policy

Information Security Policy


Wynn Williams is committed to safeguarding information belonging to Wynn Williams and its third parties, clients and the general public, within a secure environment.

Scope

This Security Information Policy sets out how Wynn Williams Partners, Staff and other individuals entitled to use Wynn Williams’ facilities will ensure the safeguarding of information.

Process

Security

Wynn Williams aims to ensure that:

  • Information will be protected against unauthorised access or misuse
  • Confidentiality of information will be secured
  • Integrity of information will be maintained
  • Availability of information / information systems are maintained for service delivery
  • Business continuity planning processes will be maintained
  • Regulatory, contractual and legal requirements will be complied with
  • Physical, logical, environmental and communications security will be maintained
  • When information is no longer of use, it is disposed of in a suitable manner
  • All information security incidents will be reported to the Information Systems Manager and appropriately investigated

Information

In this Security Information Policy, Information includes the following:

  • Electronic information systems (software, computers, and peripherals) owned by Wynn Williams whether deployed or accessed on or off site
  • Wynn Williams’ computer network used either directly or indirectly
  • Hardware, software and data owned by Wynn Williams
    Paper-based materials
  • Electronic recording devices (video, audio, CCTV systems)

Authorised Use and Access


Wynn Williams requires all users to exercise a duty of care in relation to the operation and use of its information systems.
With the exception of information published for public consumption, all users of Wynn Williams’ information systems must be formally authorised by appointment as a member of staff, or by other process specifically authorised by Wynn Williams. Authorised users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person.
Authorised users will pay due care and attention to protect Wynn Williams’ information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of:

  • Permission from the information owner
  • The risks associated with loss or falling into the wrong hands
  • How the information will be secured during transport and at its destination

Use of Wynn William’s information systems by authorised users will be lawful and shall have regard to the rights of other people.

Ownership and Responsibility

The Information Systems Manager has direct responsibility for maintaining this Security Information Policy and providing guidance and advice on its implementation.

Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence to this Policy.

Otherwise, it is the responsibility of all authorised users to ensure that:

  • Systems are adequately protected from unauthorised access
  • Systems are secured against theft and damage to a level that is cost-effective
  • Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity)
  • Electronic data can be recovered in the event of loss of the primary source (such as failure or loss of a computer system). It is incumbent on all system owners to backup data and to be able to restore data to a level commensurate with its importance (Disaster Recovery)
  • Data is maintained with a high degree of accuracy
  • Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse
  • Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and freedom of information acts
  • Any third parties entrusted with Wynn Williams’ data understand their responsibilities with respect to maintaining its security

Complaints

If you have any concerns about the way in which Wynn Williams’ secures information, or if you have any questions about this Security Information Policy, please contact: Claudio Ghirelli: Claudio.Ghirelli@wynnwilliams.co.nz +64 3 379 7622.

This Security Information Policy may be updated at any time.

Last updated: 24 June 2019