Summary

Bluestone PR’s (t/as Outsource) information security policy is supported by our information security management program which includes a number of policies, standards and guidelines.

Together these explain how we track, manage, report and audit our ICT systems. Adherence to this program ensures compliance with our information security policy and in doing so, protects our ICT assets and information, including the information we manage for clients as part of the work we are contracted to deliver.

Policies and procedures which make up the information security management program include:
– Acceptable use policy
– Access control policy
– Compliance with the Australian Privacy Act.
– Information Security Policy
– Backup and recovery
– Change Management
– Cryptographic Controls
– Data/Information Classification
– Data/Information Destruction
– Data/Information Handling
– Information Security Risk Management
– Information Transfer
– Mobile Device Security
– Password Security
– Patch management
– Physical and Environmental Security
– Protection from Malware
– Restrictions on Software Installation
– Third Party Risk Management