Company Security PolicyDocument Ref: 9016-A-Company Security PolicyVersion 2.5 - Issue date: 14 November 2023
Policy, Principles and Commitments
Ark Data Centres (Ark) is committed to safeguard the integrity of the information within its custody. It is equally committed to protect its personnel and assets. Employees under this policy would be taken to include direct employees, approved contractors, sub-contractors or anyone who is representing Ark.
It is a fundamental principle of Ark that employees should not be required to take, and should not of their own volition take, any unreasonable risks with their personal security on behalf of the company. Equally, employees should not put at risk persons (including colleagues, clients and personnel from other organisations) or the property (including tangible and intangible assets) of the company or its clients.
This policy applies to all of the work undertaken at or in relation to Ark’s Spring Park, Cody Park and Meridian Park sites.
Ark is committed to:
- Safeguarding the confidentiality, integrity and availability of all client, supplier and Ark information;
- Protecting all assets, including personnel within our operational environments;
- Protecting all assets using a defence in depth methodology utilising physical, documentary, personnel and logical security controls.
- Managing security risks appropriately and effectively in partnership with our clients and suppliers;
- The implementation and operation of a risk management methodology that meets the requirements of ISO 27001, ISO 14001, ISO 9001 and ISO 22301 and any other relevant certifications (SOC 2, Cyber Essentials Plus and PCI DSS) and includes relevant elements of the HMG GS007, DefCon 659 (Facilities Security Clearance – formally List X), The Nuclear Industries Security Regulations (NISR) 2003 (List N) and JSP440/490, which is continuously monitored and regularly reviewed;
- Managing security in accordance with the Company Security Instructions and subordinate security plans;
- Investigating all security incidents and take appropriate action to minimise the probability of recurrence;
- Managing the associated personnel security risk of employing vetted staff as part of ongoing obligations under Industry Personnel Security Assurance (IPSA);
- Co-operating fully with law enforcement authorities;
- To satisfy all applicable requirements related to information security and maintain security standards and procedures in accordance with any legal, regulatory requirements and relevant best practice, and;
- To continually improve our Information Security Management System (ISMS) and all security activities through the setting of objectives and targets. The Senior Leadership Team (SLT) endorses these objectives to ensure they are SMART and reflect the needs of the business. These objectives and our performance against them will be measured and evaluated as often as is necessary and in any event no less frequently than annually.
Chief Executive Officer
Ark Data Centres Limited
15 November 2023