1. Introduction

This policy defines how the Integrated Management System comprising of the Information Security Management System (ISMS), Service Management System (SMS) and Business Continuity Management System (BCMS) will be set up, managed, measured, reported on and developed within Jubilee Life Mortgage Bank

Jubilee Life Mortgage Bank is committed to providing a service according to client’s expectations, ensuring that we take all aspects of Information Security, Business Continuity and Service Management in delivering our services to our clients.

It is the policy of Jubilee Life Mortgage Bank to commit and maintain an Integrated Management System designed to meet the requirements of ISO27001:2013, ISO 20000:2018 and ISO 22301:2019 in pursuit of its primary objectives.

In order to drive continual improvement within the Information Security Management System, Jubilee Life Mortgage Bank has set objectives on an annual basis as part of the Management Review Process; these objectives ensure the system is appropriately monitored and measured. All objectives are communicated to all staff and include key responsibilities, timescales and appropriate measures of success.

1.1 It is our Policy to ensure that:
  • All information and systems will be protected against unauthorized access and disclosure
  • Confidentiality of information will be maintained
  • Integrity of information is protected from unauthorized modification
  • Regulatory and legislative requirements will be met
  • Business continuity plans will be maintained and tested (as far as practicable)
  • All suspected breaches of information security will be reported and investigated
  • Adequate prevention and detection of malware is in place
  • Information Security Policies are in place to ensure the safe practice of using our computer and information systems
  • Quality products and services are rendered to customers at all times
  • Customers’ needs and expectations are met In line with the agreed service and requirements
  • Competent external providers that meet all pre-qualifications requirements are engaged.
  • Optimal internal business processes and customer satisfaction, delight, and retainership.
2. Setting the Integrated Management Objectives

The high-level objectives for the Integrated Management System within Jubilee Life Mortgage Bank are defined within the document IMS Context, Requirements and Scope. These are fundamental to the nature of the business and are not be subject to frequent change.

These overall objectives will used as guidance in the setting of lower level, more short-term objectives for planning within an annual cycle timed to coincide with organizational budget planning. This will ensure that adequate funding is obtained for the improvement activities identified. These objectives will be based upon a clear understanding of the overall business requirements and how they may change during the year.

Integrated Management objectives will be documented in the IMS Objectives and Management Plan for the relevant financial year, together with details of a plan for how they will be achieved. Once approved, this plan will be reviewed on a quarterly basis as part of the management review process, at which time the objectives will also be reviewed to ensure that they remain valid. If amendments are required, these will be managed through the organizational change management process.

2.1 Top Management Leadership and Commitment

Commitment to the Integrated Management System Objectives extends to senior levels of the organization and will be demonstrated through this IMS Policy and the provision of appropriate resources to provide and develop the IMS and associated controls.

Top management will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that quality objectives are being met and relevant issues are identified through the audit programme and management processes. Management review can take several forms including departmental and other management meetings.

The Project Manager shall have overall authority and responsibility for the implementation and management of the Integrated Management System, specifically:

• The identification, documentation and fulfilment of the Integrated Management System Objectives.
• Implementation, management and improvement of risk management processes
• Integration of operational processes, procedures and controls
• Compliance with statutory, regulatory and contractual requirements
• Reporting to top management on performance and improvement

2.2 Continual Improvement of the IMS

Jubilee-Life Mortgage bank policy with regard to continual improvement is to:

• Continually improve the effectiveness of the IMS
• Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001, ISO/IEC 20000 and ISO/IEC 22301
• Achieve Certification and maintain it on an on-going basis
• Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data
• Obtain ideas for improvement via regular meetings and other forms of communication with interested parties, including cloud service customers
• Review ideas for improvement at regular management meetings to prioritise and assess timescales and benefits

Ideas for improvements may be obtained from any source including employees, customers, suppliers, IT staff, risk assessments and service reports.