Information Security Policy Statement

Issue Date: October 2023 Rev 000

It is the policy of The Stepnell Group to meet the requirements of ISO 27001 to ensure full compliance with the General Data Protection Regulation (GDPR) and ensure the data it manages is secure and safe.

The company is committed to protecting its information and that of its interested parties, including, but not limited to, its staff, clients, suppliers, consultants and subcontractors. To achieve this goal, the company has implemented an Information Security Management System (ISMS) in accordance with ISO 27001 and all GDPR requirements.

To meet our statutory obligations with regard to our services, we have a clear commitment to comply with current and future legislative requirements.

The ISMS is intended to meet the legal requirements and regulations, sustained through the input of trained and competent staff as well as the guidance of third-party consultants and industry standards.

The company’s ISMS is applicable to its IT systems and its network across all areas of the business, including regional offices and construction sites.

We will:
● Comply with all legal requirements, codes of practice and all other compliance obligations applicable to our activities.
● As far as reasonably practicable, protect sensitive information from all threats, whether internal or external, deliberate or accidental.
● Provide adequate resources including equipment, trained and competent staff and any other requirements to enable the objectives of the ISMS to be met.
● Ensure that all employees are made aware of their individual obligations in accordance with MRP05 Information Technology Procedure.
● Maintain an ISMS that will achieve the objectives of ISO 27001 and seek continual improvement in its effectiveness and performance based on “risk”.
● Make the details of our policy known to relevant interested parties as required.

The ISMS provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.

To ensure that The Group maintains its awareness for continuous improvement, its ISMS is regularly reviewed by the Managing Director to ensure it remains appropriate and suitable to our business. The ISMS is subject to both internal and external annual audits.

This policy will be reviewed at least annually to reflect the result of audits, any changes in legislation, codes of practice and all other requirements applicable to our activities.

The implementation of this policy is detailed in the ISMS.


Tom Wakeford