RYPT Information Security Policy
Last modified: 28th June 2024
1. Purpose
RYPT wants to foster a culture of openness, trust, and integrity by maintaining a high standard of data protection. The objective of this information security policy is to ensure the business continuity of RYPT and to minimize the risk of damage by preventing security incidents and reducing their potential impact.
2. Scope
This policy has been approved by the company directors and applies to all RYPT staff, meaning permanent, fixed-term, and temporary staff, as well as any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents, engaged with RYPT in Ireland or internationally, and handling or processing personal data as defined by the GDPR.
2.1. Enforcement
Adherence to this policy is mandatory and non-compliance could lead to disciplinary action. Any third-party partner company found in violation may have their network connection terminated.
3. Definitions
Please see Appendix A for a full list of definitions which are used throughout this policy.
4. Information Security Policy
RYPT’s information security policy ensures that:
- Information will be protected against any unauthorized access.
- Confidentiality of information will be assured.
- The integrity of information will be maintained.
- Availability of information for business processes will be maintained.
- Business continuity plans will be developed, maintained, and tested.
- Information security training will be available for all employees.
- All actual or suspected information security breaches will be reported to the Data Protection Officer (DPO) and will be thoroughly investigated.
- Procedures exist to support the policy, including virus control measures, passwords, and continuity plans.
- Business requirements for the availability of information and systems will be met.
5. Supporting Policies
There are several supporting RYPT policies to accompany this policy document. Each covers a specific area of information security.
All RYPT staff, meaning permanent, fixed-term, and temporary staff, as well as any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents, engaged with RYPT in Ireland or internationally, and handling or processing personal data are required to familiarize themselves with these accompanying policies and to work in accordance with them.
The supporting policies include:
6. Responsibilities
The Information Security Manager is responsible for maintaining the policy and providing support and advice during its implementation.
All directors are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.
7. Review
This policy will be reviewed and updated annually, or more frequently if necessary, to ensure that any changes to RYPT’s organizational structure and business practices are properly reflected in the policy. Updates to the policy and the supporting policies will be made periodically and will be announced by email broadcast.
Appendices
Appendix A – Definitions
| TERM | DESCRIPTION |
| Authorized | Means with official RYPT approval and permission to perform a particular task. |
| Availability | Means ensuring that authorized users have access to information and associated assets whenever required. |
| Confidentiality | Means ensuring that information is only accessible to those users who are authorized to access the information. |
| Data | As used in this Policy shall mean information which either: is submitted by the data subject via the RYPT app; or is submitted by the coach on behalf of the data subject via the RYPT website. |
| Data Protection | Means the protection of personal data. |
| Data Protection Officer (DPO) | RYPT’s appointed Data Protection Officer. |
| Data Subject | Refers to the individual to whom personal data held relates, including: employees, customers, suppliers. |
| Information | Means any data in an electronic format that is capable of being processed or has already been processed. |
| Information Security | Means the preservation of confidentiality, integrity and availability of information. |
| Information Security Manager | RYPT’s appointed Information Security Manager. |
| Information System | Means a computerized system or software application used to access, record, store, gather and process information. |
| Integrity | Means ensuring the accuracy and completeness of information and associated processing methods. |
| Processing | Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Third Party | Means an entity, whether or not affiliated with RYPT, that is in a contractual arrangement with the company. These Third Party relationships include, but are not limited to, activities that involve outsourced products and services, use of independent consultants, payment processing services, joint ventures and other business arrangements where RYPT has an ongoing relationship. Third Party relationships, for the purposes of this policy, generally do not include customer relationships. Under GDPR a ‘Third Party’ means a natural or legal person, public authority, agency or body, other than the data subject, controller, processor and persons who, under the direct authority of the Data Controller or Data Processor, are authorised to process personal data. |