Our Commitment to Information Security

Allied Integrated Management is committed to protecting the confidentiality, integrity, and availability of information across all divisions, including Security, Facilities, Traffic, Pest, and Civil.

We maintain an Information Security Management System aligned with ISO/IEC 27001:2022 to safeguard client, employee, operational, and business information from unauthorised access, misuse, loss, disclosure, or disruption.

1. Protection of Information Assets

We will:

• Protect sensitive, confidential, and business-critical information
• Apply controls to prevent unauthorised access, disclosure, alteration, or loss
• Secure both physical and digital information assets

2. Legal and Regulatory Compliance

We will:

• Comply with applicable privacy, data protection, contractual, and regulatory obligations
• Monitor changes to legal and information security requirements
• Maintain governance and accountability over information handling

3. Risk Management

We proactively:

• Identify information security risks and vulnerabilities
• Assess threats to systems, data, and operations
• Apply controls proportionate to risk exposure
• Review risks regularly and respond to emerging threats

4. Access Control and Technology Security

We are committed to:

• Restricting access to authorised users only
• Managing passwords, permissions, and privileged access appropriately
• Maintaining secure systems, devices, and networks
• Supporting secure development and change management practices

5. Awareness and Responsibility

We support our workforce by:

• Providing information security training and awareness programs
• Promoting accountability for secure handling of information
• Encouraging prompt reporting of incidents, phishing, or suspicious activity

6. Incident Management and Business Continuity

We will:

• Respond promptly to security incidents and breaches
• Investigate incidents and implement corrective actions
• Maintain business continuity and recovery arrangements
• Test preparedness where appropriate

7. Supply Chain and Third Parties

We ensure that suppliers, contractors, and service providers:

• Meet appropriate information security expectations
• Protect information shared with them
• Are subject to proportionate due diligence and controls

8. Continual Improvement

We are committed to:

• Monitoring security performance and controls
• Conducting audits, reviews, and assessments
• Improving our Information Security Management System over time

Implementation

This policy is implemented through:

• Procedures, standards, and operational controls
• Staff inductions and awareness training
• Secure technologies and monitoring processes
• Incident reporting, audits, and management review

Accountability

Leadership is accountable for ensuring this policy is implemented, maintained, and aligned with the strategic direction of the business.

Availability

This policy is publicly available and accessible to all interested parties.

Document Information

• Policy: Information Security Policy
• Reference: AIM-ISMS-POL-01
• Revision: 04
• Last Reviewed: 31 March 2025