INFORMATION SECURITY MANAGEMENT STATEMENT

It is the policy of CRY to maintain an Information Security Management System (ISMS) designed to meet the requirements of ISO 27001:2017 in pursuit of its primary objectives.

CRY’s ISMS Manual describes its corporate approach to information security and details how CRY addresses its responsibilities in relation to this vital area of business. As an organisation, CRY is committed to satisfying applicable requirements related to information security and the continual improvement of the ISMS.

Information Security is the responsibility of all members of staff, not just the senior management team. As such, all CRY staff are given guidance on key Information Security policies and procedures; and are expected to demonstrate a practical application of the key objectives, where appropriate, in their daily duties.

CRY also makes details of its Information Security policies known to other interested parties, including external organisations, where appropriate. CRY determines the need for, and method of, any such communication according to the principles of its information security management system.

All CRY’s legal and regulatory obligations are included within a Legal Documents Register held by CRY. This contains details of the main financial, employment, environmental and charity legislation that is applicable to CRY. It also contains details of all CRY’s insurance policies. This document is checked on a monthly basis prior to the monthly Leadership Team meeting and reviewed three times per years at Quality Management Review meetings.

Verification of compliance with the CRY’s Information Security Management System is achieved by a continuous programme of internal audits.

Scope of the Policy

The scope of this policy relates to all IT systems and hardcopy document control systems operated by CRY in pursuit of its purpose “to prevent young sudden cardiac deaths through awareness, screening and research, and supporting affected families”. It also relates, where appropriate, to external risk sources including functions which are outsourced. CRY maintains a number of procedure documents and flow charts which illustrate key business activities and their correspondence to ISMS requirements.

Any enquiries about CRY’s Information Security systems should be sent to [email protected] and marked for the attention of the Operations Manager.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Preventing young sudden cardiac deaths through awareness, screening and research, and supporting affected families.

01737 363222

[email protected]

Scope of the Policy

Contact Information