CSR

Information Security

Information Security

As a trusted business partner to security-conscious customers, we ensure that our internal processes and procedures enable us to maintain the highest levels of physical and IT security that our customers and suppliers expect of us and that we should expect of ourselves as a professional solutions provider. CPS’ Information Security Management System (ISMS) is certified to the ISO 27001 standard.

If access to CPS information is required by third parties, a Non-Disclosure Agreement (NDA) contract that must be signed by all parties involved is required. The third party also has to sign our Third Party Access Policy and comply with its requirements.

 

CPS follows the principles of confidentiality, integrity and availability (CIA) and applies them to the protection of information. Part of this are our Acceptable Use Policy, Media Handling and Disposal Policy, Information Classification and Exchange Policy, and Clear Desk and Screen Policy. This policies include the use of technology like encryption and secure disposal process. Our Information Security Policy details our policy to secure sensitive information and IT systems, complying with legislation and meeting accepted best practice, to protect them from unauthorised use, disclosure or destruction.

CPS has implemented physical and logical protection barriers. This includes facilities and secure areas access control including card access readers. Our network is protected by firewalls, Active Directory security, antivirus, and Cloud security. More information can be found in our Physical Security Policy, Acceptable Use Policy and Laptop and Mobile Device Policy

Penetration tests are performed periodically by an external party. Findings are added to the ISMS CSIP for investigation and resolution.