ISMS Policy

It is the policy of the Improvement Service to maintain an Information Security Management System (ISMS) designed to meet the requirements of ISO27001:2023 in pursuit of its primary objectives and the purpose and context of the organisation, i.e.:

The provision of consultancy and facilitation products and services, and research, data and intelligence to support all Scottish councils to help them manage their own performance and improvement, deliver digital services, enhance the learning and skills of officers and elected members and improve outcomes for communities.

It is the policy of the Improvement Service to:

  • Strive to satisfy the requirements of our customers, partners, stakeholders and interested parties
  • Make the details of our policies known to other interested parties, including external parties where appropriate, and determine how and what to communicate
  • Comply with all legal requirements, codes of practice and other requirements applicable to our activities
  • Provide all the resources of equipment, trained and competent staff and any other appropriate requirements to enable these objectives to be met
  • Ensure employees are made aware of their individual obligations in respect of this policy
  • Maintain a management system that seeks to achieve these objectives
  • Seek continual improvement in the effectiveness of our management system based on business risk, privacy considerations and feedback from our stakeholders

To ensure our organisation maintains its awareness of continuous improvement, our management system is regularly reviewed by the ISMS Board – senior management representatives from across the business – to ensure it remains effective and fit for purpose.

Our management system is also subject to regular independent internal and external audit.

Sarah Gadsden
Chief Executive

Version: 1.3
Last updated: 09/04/2024
Last reviewed: 09/04/2024
Next review date: 09/04/2025