Privacy and Information Security Policy
Purpose
The Privacy and Security Policy defines the framework for managing information security within Bluefield ICT Solutions, operating under the trade name Bluefield Smart Access with address Coltbaan 27a, 3439 NG Nieuwegein (Netherlands), with Chamber of Commerce number 57558132 and telephone number +31 85 210 0870. Bluefield ICT Solutions is ISO 9001 and ISO 27001 certified.
Validity
The privacy and security policy applies to all employees within Bluefield ICT Solutions and full access to Bluefield ICT Solutions' IT systems.
Objectives
Bluefield ICT Solutions actively works to manage information security with the aim of securing availability, systems and data. Bluefield ICT Solutions strives to remain compliant with ISO 9001 and ISO 27001:2013. Bluefield ICT Solutions uses a risk-based approach where the security level and cost should be based on the business risk and impact assessment which should be carried out at least once a year.
An IT security manual should be established and continuously updated. This manual contains descriptions of information security actions implemented and references to relevant policies, guidelines, and procedures. Bluefield ICT Solutions is committed to complying with relevant legislation, including, for example, AVG / GDPR. Bluefield ICT Solutions intends to adhere to agreements with external parties, including data processing agreements. Bluefield ICT Solutions aims to prepare an annual statement, i.e. ISO certification, etc. This information security policy will be reviewed annually.
Organisation and responsibilities
The board of directors has ultimate responsibility for information security within Bluefield ICT Solutions. The board of directors is responsible for management principles and delegates specific responsibilities for security measures, including ownership of information systems to the privacy officer. If you have any questions or comments about our privacy and security policy, please contact us at privacy@bluefieldsmartaccess.nl. Ownership is established for each critical information system. Ownership determines how security measures are used and managed in accordance with the security policy.
The IT department consults, coordinates, monitors and reports on the status of security. The IT department establishes guidelines and procedures. The individual employee is responsible for complying with the security policy and is informed about it through the "IT use policy".
Waiver
Waivers to Bluefield ICT Solutions' information security policy and guidelines are approved by the IT department based on the guidelines established by management
Reporting
The IT department informs the board of all relevant security issues. The status of waivers is included in the IT department's annual report to the board. The management reviews the security status annually and then reports to the board.
The privacy and security policy was last updated on: 13 April 2023.