Information security policy
This policy statement lays down the objectives, motivation and direction for Scottish Enterprise to protect its business information, systems and networks.
Information and information systems are fundamental to Scottish Enterprise in its role as Scotland’s main economic development agency supporting business growth and developing the business environment.
This policy includes all information and data handled, information systems, and networks operated by, and for, Scottish Enterprise. This covers the organisation of Scottish Enterprise, and includes outlying and international offices.
What's in the policy?
This policy covers the following topics:
- Alignment with security standards
- Authority
- Balancing democratic and commercial security requirements
- Compliance with legal requirements - Data Protection Act, Freedom of Information Act, etc
- The principal tenets of information security
- Types and scope of information
- Security commitment
- Risk management principals
- Individual responsibility and accountability for security awareness
- The security management infrastructure
- Technical procedures - whoever is custodian of systems
- Customer contracts
Download the information security policy (PDF, 172 KB)