IMS Policy Statement
Purpose, Scope, and Users
This policy defines how the Integrated Management System (IMS) will be set up, managed, measured, reported on, and developed within Duplo.
Duplo has decided to pursue full certification to ISO/IEC 27001:2022, ISO 20000:2018, and ISO 22301:2019 in order that the effective adoption of Information Security Management, IT Service Management, and Business Continuity Management Systems best practices may be validated by an external third party. The purpose of this document is to define an overall policy regarding the Integrated Management System that is appropriate to the purpose of Duplo, and includes:
– A framework for setting objectives.
– A commitment to satisfying applicable requirements.
– A commitment to continual improvement of the management systems.
This Policy is available in electronic form and will be communicated within the organization and to all relevant stakeholders and interested third parties.
Scope of the IMS
The scope of Duplo’s IMS is the entire organization, including all business units, processes, systems, and services related to the development, delivery, and support of Duplo’s products and services.
The IMS aims to protect the confidentiality, integrity, and availability of all information assets within the organization, including customer data and financial information, and ensure compliance with relevant regulations.
Integrated Management System Objectives
Objective 1 – Achieve 100% protection of the confidentiality and integrity of Duplo Information assets through the implementation and integration of measures within the framework of the Information Security Management System (ISMS), Business Continuity Management System (BCMS), and IT Management System (ITMS).
Objective 2 – Foster a 90% Information Security Awareness culture across the organization by incorporating awareness initiatives into the broader IMS, encompassing principles from ISMS, BCMS, and ITMS.
Objective 3 – Ensure a 99.6% availability rate, demonstrating the resilience of information systems, by aligning efforts with the IMS that integrates Information Security Management, Business Continuity Management, and IT Management practices for a comprehensive approach to managing risks and ensuring continuity.
Objective 4 – Achieve 100% compliance with Duplo’s legal, regulatory, and contractual obligations related to information security, business continuity, and IT service management.
Objective 5 – Enhance Operational Efficiency by 20%.
Objective 6 – Achieve a 95% customer satisfaction rating.
Objective 7 – Drive Innovation and Continuous Improvement.
Top Management Leadership and Commitment
Commitment to the Integrated Management System extends to senior levels of the organization and will be demonstrated through this IMS Policy and the provision of appropriate resources to provide and develop the Integrated Management System and associated controls.
Top management will also ensure that a systematic review of the performance of the programme is conducted on a regular basis to ensure that objectives are met and issues are identified through the audit programme and management processes. Management Review can take several forms including departmental and other management meetings.
Roles and Responsibilities
Within the field of Information Security, IT Service Management, and Business Continuity Management, there are a number of key roles that need to be undertaken to ensure successful protection of the business from risk.
Full details of the responsibilities associated with each of the roles and how they are allocated within Duplo are given in a separate document. The ISMS, ITSM, and BCMS Managers shall have overall authority and responsibility for the implementation and management of the Integrated Management System, specifically:
– The identification, documentation, and fulfilment of applicable requirements.
– Implementation, management, and improvement of risk management processes.
– Integration of processes.
– Compliance with statutory, regulatory, and contractual requirements in the management of assets used to deliver products and services.
– Reporting to top management on performance and improvement.
Continual Improvement Policy
Duplo’s policy concerning Continuous Improvement is to:
– Continually improve the effectiveness of the IMS across all areas within scope.
– Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001:2022, ISO 20000:2018, and ISO 22301:2019.
– Achieve certification in the Integrated Management System and maintain it on an ongoing basis.
– Increase the level of proactivity (and the stakeholder perception of proactivity) concerning the ongoing management of the IMS.
– Make processes and controls more measurable to provide a sound basis for informed decisions.
– Achieve an enhanced understanding of and relationship with the business units to which the IMS applies.
– Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
– Obtain ideas for improvement via regular meetings with stakeholders and document them in a Continual Improvement Log.
– Review the Continual Improvement Log at regular management meetings to prioritize and assess timescales and benefits.
Ideas for improvements may be obtained from any source including employees, customers, suppliers, IT staff, risk assessments and service reports. Once identified, they will be added to the Duplo Continual Improvement Log and evaluated by the ISMS, ITSM, and BCMS Manager.
As part of the evaluation of proposed improvements, the following criteria will be used:
– Cost
– Business benefit
– Risk
– Implementation timescale
– Resource requirement
If accepted, the improvement proposal will be prioritized to allow more effective planning.
Human Resources
Duplo will ensure that all staff involved in IMS are competent based on appropriate education, training, skills, and experience. The skills required will be determined and reviewed on a regular basis, together with an assessment of existing skill levels within Duplo. Training needs will be identified, and a plan will be maintained to ensure that the necessary competencies are in place.
Training, education, and other relevant records will be kept by the Human Resource Department to document individual skill levels attained.
Auditing and Review
Once in place, it is vital that regular reviews take place to ascertain how well the IMS processes and procedures are being adhered to. This will happen at three levels:
1. Structured regular management review of conformity to policies and procedures.
2. Internal audit reviews against the Integrated Management System standards by the Duplo Internal Audit team.
3. External audit against the Integrated Management System to gain and maintain certification.
Contact Us
If you have any complaints, feedback and/or questions about us, our Services and/or these Policies, you may contact us at hello@tryduplo.com.