GARMCO has set up a BCIS Policy to give direction to all concerned personnel. The policy contains the organizations’ s Business Continuity Objectives, Information Security objectives, as well as the scope of Business continuity and information security. The policy shall be reviewed periodically, or whenever any significant changes occur in the organisational structure, legal requirements, and changes in critical processes.
It will be ensured that:
- Critical information is protected from unauthorised access, use, disclosure, modification and disposal, whether intentional or unintentional
- The confidentiality, integrity and availability of such information, whether acquired, provided or created, are ensured at all times
- Awareness programmes on information security and business continuity are available to all employees and, wherever applicable, to third parties such as subcontractors, consultants and vendors etc.
- All contractual requirements with respect to information security are met wherever applicable
- Any incident of policy infringement will be reported, and corrective/preventive actions taken
- Identifying business threats and their vulnerabilities, and assessing the impact of loss or disruption to the business, which may be present
- Developing, maintaining and testing suitable business recovery plans for all processes and activities in the main mill site
- Reviewing regularly the continuity requirements, incident management plans, and business continuity plans to ensure that they reflect the needs of the business
- Identifying and meeting the requirements of auditors, insurers and regulators
- Ensuring that the business continuity plan is maintained and tested
In the case of an incident, GARMCO is committed to the following:
- Employees’ safety
- Information security
- Welfare facilities for employees, their families and interested parties
- Resumption of critical business functions
- Meeting contractual obligations
- Management of risk
- Maintenance of client confidence and the reputation of the business (via external communications).
All functions/departments must comply with this policy & ensure that the management of business Continuity and Information Security is incorporated in GARMCO’s processes and structure.