Introduction

Information, communications, and technology are critical to Inspired Village’s day-to-day operations and to our long-term growth and profitability. Any threat to them presents a risk to our business and potentially also to our most important stakeholders – our residents, our employees and L&G.

This Information Security Policy reflects the fact that most of the Inspired Villages information is Personal Information and that, consequently, information security threats also present risks to the privacy and rights of our residents, employees, and other individuals.

This policy is designed to ensure that we maintain the necessary capabilities to identify and defend against any such threat and, by doing so, to maintain the trust of Inspired Villages’ stakeholders.

Application

You are required to comply with this Information Security Policy if you are employed by Inspired Villages and if you:

1. have access to Inspired Villages information, or
2. are responsible for deciding how to collect, use, store, manage, disclose, grant access to, protect, or dispose of Inspired Villages information, or
3. are responsible for authorising employees or third parties to access Inspired Villages information.

The Inspired Villages Information Security Principles

We will:

1. Ensure consistency and equivalence between Inspired Villages’ Information Security Policy & Standards and those of Legal and General Group (“L&G”).
2. Adopt a holistic approach to information security, encompassing people, process, and technology, ensuring appropriate training of personnel, monitoring of processing activities, identification and management of risks and effective use of technology to provide appropriate and proportionate protection against risks arising from human error, process failure and malicious attack. 
3. Meet or exceed our legal, regulatory, and moral obligations in relation to the protection of information in general and of Personal Information in particular. 
4. Document and monitor information flowing into, within and out of Inspired Villages so we can place appropriate limits on collection, processing, access, and retention and minimise exposure to risk.  
5. Develop and maintain information governance structures, assigning accountability and delegating responsibilities to appropriate individuals and providing oversight of our processing activities. 
6. Develop and maintain the technology, skilled resources, and procedures necessary to provide protection for Inspired Villages information, preserving its confidentiality and integrity and ensuring its availability.
7. Develop, implement, and adhere to information security standards that require the implementation, monitoring and maintenance of technical, physical and organisational security controls that are appropriate and proportionate to the risks and threats to our systems, information, and processing operations.
8. Consider information security from the earliest stage when designing or procuring technology solutions and processes that collect, process, transmit or store information, adopting a pre-emptive and preventative approach to information security.
9. Consider the needs of the business when developing and delivering our information security and business continuity strategies to ensure that security controls do not unduly impact ease of access and use. 
10. Monitor security controls to ensure that they remain appropriate and proportionate to the risks they are designed to address and that risks are managed within Inspired Villages’ risk appetite. 
11. Provide assurance to stakeholders and regulators by benchmarking our information security measures against the globally recognized ISO27001 Information Security Management Standards.

Accountability

Adherence to this policy will be monitored and failure to comply may result in disciplinary action up to and including dismissal.

Advice and Guidance

For advice on Information Security, contact: [email protected].