Information Security Policy

This policy is the peak document in our Business Management System (BMS). The purpose of that system is to manage risks facing our information assets and those belonging to relevant interested parties. To protect that information from all threats (whether internal or external, deliberate or accidental), and safeguard the confidentiality, integrity, and availability of information, we will ensure that:

• Business requirements for the availability of information and information systems will be met.
• Information will be protected against unauthorised access.
• Confidentiality of information will be assured, by protection from unauthorised disclosure, theft, or intelligible interruption.
• Integrity of information (its accuracy and completeness) will be maintained by protecting against unauthorised modification.
• Regulatory and legislative requirements will be met.
• Business Continuity plans will be produced, maintained and tested, to ensure that information and vital services remain available in the face of adverse events.
• Information on security matters will be made available to all employees and relevant contractors.
• All breaches of information security will be reported to the Operations Manager and investigated appropriately.
• A suitable program of independent review is implemented to identify any weaknesses in the implementation of technical security controls on classified assets.
• Our BMS is established and maintained in compliance with the ISO 27001 standard and will endeavour to achieve continuous improvement.

While the Operations Manager and team play a key role in administering our BMS, it is the responsibility of everyone working for Australian Valuers to adhere to the Policy.