ISMS Policy

Information Security Management Systems (ISMS) Policy

We recognise that your information is very important to you for a wide variety of reasons. It’s also the same for us. 

This policy sets out our commitment to managing the confidentiality, integrity and availability of information we exchange as part of our working relationship. 

We are certified to ISO 27001 Information Security Management System, which demonstrates our proactive, risk-based approach and continued commitment to globally-recognised information security standards. 

However, our approach goes beyond box-ticking compliance. We invest the time and resources to minimise the threat of information security and privacy breaches, taking steps to implement controls throughout our supply chain to give you added confidence.

We take information security seriously

These standards apply to all the information we receive, generate or process whilst delivering best-in-class intelligent marketing for you. Whether it is information or data you hold yourself, you share with us or which we establish in doing our work, we are clear on all of the following:

  • The information we hold or process

  • The purpose for gathering it

  • What information systems are involved

  • Who has access to the information

Whilst no organisation can ever 100% guarantee to prevent a breach of information security and privacy, CWA will never sit back and leave it all to fate. We do our utmost to be proactive and take a risk-based approach, as demonstrated by our industry-recognised certification to ISO 27001. 

We take steps to reduce the likelihood of breaches by taking time to understand how a breach of confidentiality, integrity or availability could happen, the impact it will have on everyone concerned, including you, and just how likely it is that this could happen. 

On an ongoing basis and where necessary, we assess the overall risk and implement organisational controls to reduce the likelihood of an incident happening and, should an incident still occur, reduce the impact to all concerned. 

Controls can include policies, processes, procedures and standards. We use various technologies and services along with plenty of training for our staff to embed all this good stuff into how we work for our clients and prospective clients day to day. We even ensure that any suppliers we work with, who handle your or even our own data, when working with us, can demonstrate a mature approach to information security and privacy. 

All these controls require good maintenance to ensure they minimise the chance of a breach of information security. We ensure that the resources are available to effectively maintain the controls we’ve put in place and to review these to identify opportunities for improvement on an ongoing basis. 

Even with effective maintenance of all our security controls, things change. And when they change, they can sometimes have an impact on the risk of an information security incident happening or even its impact. We’re committed to keeping an eye out for change, especially anything that relates to information security. We closely review how we deliver our products and services and the forces at play in the markets where we operate who have an interest in information security. We listen to our clients' information security challenges and always find a way to ensure they feel their data is in good hands when they work with us. That’s one of the reasons why we’ve been ISO 27001 certified since 2009.

If you have any questions, please get in touch.