The Legal Stuff

SECURITY POLICY

April 10 '25

Introduction

Cooper Parry (CP) recognises that information is one of our most valuable assets. The confidentiality, integrity and availability of our information must be rigorously protected to ensure business continuity and maintain the trust of our clients, employees, contractors, consultants and stakeholders.

This Policy entrusts any team member, contractor, or third-party who is authorised to access CP’s Information Systems or data to take responsibility for protecting company information from security threats, whether internal or external, deliberate or accidental and to minimise the impact of security incidents.

Scope

This Policy applies to all CP entities, extends to physical security and encompasses all forms of information security. It covers data printed or written on paper, stored on computer hard drives (including cloud storage) and/or removable media (such as CDs, DVDs, tapes and USB drives), transmitted across networks, or spoken in conversation or over the telephone.

Policy

Cooper Parry are committed to ensuring the following:

  • Information will be protected against unauthorised access or disclosure
  • Confidentiality of information is assured, its integrity is maintained, it is available as and when needed and its authenticity can be guaranteed
  • All regulatory, legislative and contractual requirements regarding Intellectual property rights, data protection and privacy of personal information are met
  • CP implement and maintain an Information Security Management System (ISMS) that complies with the requirements of BS EN IEC/ISO 27001:2023
  • Suitable security objectives for the ISMS that support CP’s corporate objectives are identified, progressed and achieved
  • Business Continuity and Disaster Recovery plans will be produced, maintained and tested
  • Staff receive sufficient Information Security training
  • All breaches of information security, actual or suspected, are reported and investigated by CP’s Risk and Compliance Team
  • Failings of the ISMS will be identified and analysed in a timely manner in an effort to continually improve the performance of the ISMS

Compliance / responsibilities

The Information Security Group are responsible for the maintenance of this Policy.

Version control

Versions

VersionDatePrepared byApproved byChange
1.010/04/2025Andy LarkumPhil ErridgeNew Policy