Information Security

Introduction

Ross Robotics operates a comprehensive formally-accredited ISO 27001 Information Security Management System (ISMS).

Our Information Security Policy and its associated policies & procedures drive and ensure Ross Robotics’s commitment to information security and continual service improvement, and are designed to satisfy the applicable information security requirements of our interested parties including employees, customers, partners and suppliers.

Applicability

This Policy applies to all staff, including employees, contractors and interns working for or under the control of Ross Robotics.

Information Security Statement

Ross Robotics recognises that the security of information entrusted to us by our employees, customers, partners and suppliers is of paramount importance, and ensures the confidentiality, integrity and availability of that information through formal policies, processes and controls to provide our stakeholders with the assurance that their information is in safe hands.

Policy

Principles

Ross Robotics is committed to maintaining our formal Information Security Management System (ISMS) that:

  • Provides assurance within the company and to our customers, partners and suppliers that the availability, integrity and confidentiality of their information is maintained appropriately;

  • Manages information security risks to all company and customer assets;

  • Protects the company’s ongoing ability to meet contractual commitments through appropriate business continuity planning;

  • Bases information security decisions and investments on the risk assessment of relevant assets, considering confidentiality, integrity, and availability;

  • Considers business, legal, and regulatory requirements and contractual security obligations;

  • Maintains security awareness in all employees so they can identify and fulfil contractual, legislative and internal security management responsibilities;

  • Minimises the business impact of, and deals effectively with, any security incidents;

  • Meets the requirements of all other interested parties not already specified.

The Policy in Operation

The Policy is supported by the following objectives:

  • A senior management team that supports the continuous review and improvement of the ISMS policies and processes;

  • Implementation of company-wide policies and procedures that support our Information Security Statement;

  • General policies and processes for the protection of corporate, employee, client, and supplier information;

  • Implementation of an Information Security Risk Management Procedure that assesses the business harm likely to result from a security incident and the realistic likelihood of such an incident occurring in the light of prevailing threats, vulnerabilities and controls in place;

  • Implementation and management of a Business Continuity Plan to counteract disruptions to business activities and to protect critical business processes from the effects of major failures or disasters;

  • Defined physical and logical access controls to prevent unauthorised access, damage to and interference with business premises and information;

  • Implementation of an Incident Response Plan and procedures for reporting and investigating security incidents for review and action.

Compliance, Monitoring, Audit, and Review

Compliance with this Policy and all other associated policies is mandatory for all management, staff, contractors and other representatives of the company.

Compliance is monitored through regular internal audits, internal governance procedures, and formal independent external audits by UKAS-accredited assessors.

As part of our continual service improvement, this Policy and all associated policies are reviewed at least annually, and in response to any impacting business changes.

===

Last updated: June 02, 2023