Modeus recognises that, due to the nature of its business and products, its information systems and employees may be required to handle sensitive healthcare data. These activities require strict and consistent security measures to address the potential risk of misuse, theft or loss of many types of data, the most important being patient records and medical information.
Modeus operates an Information Security Management System (ISMS) that aims to be highly visible in terms of information availability but invisible in terms of its operation by being deeply ingrained in everyday processes and culture. The ISMS is also required to be compliant with the ISO 27001 standard.
This policy applies to the entire organisation.
Information Security leadership at Modeus
The ISMS is driven by the Modeus Information Security Group (MISG), a team of senior leaders within the organisation who are committed to preserving the confidentiality, integrity and availability of information as per their defined objectives.
The MISG’s objectives are:
- To ensure the ISMS is available and publicised to all team members
- To promote and nurture a strong culture around information security
- To ensure continuous operation, effectiveness and suitability of the ISMS
- To explore opportunities for improving the ISMS
- To keep up to date with any changes to information security requirements based on legal, regulatory and contractual obligations
Concerns & Objectives
The following is the current list of concerns that the ISMS aims to prevent or mitigate:
- Information breach
- Reputational damage
- Financial loss
- Legal, regulatory & contractual obligation breaches
The following is the current list of the ISMS’ objectives. The effectiveness of the ISMS’ objectives will be measured on an annual basis during a review by the MISG.
- Support the protection of data within the business
- Support the availability of access to data by appropriate parties
- Support the operational effectiveness of the business
- Ensure compliance with regulatory and legislative requirements
- Ensure continuous suitability of information security policies
- Support an information security culture within the business