Information Security Policy Overview

Everyone at CX Index is responsible for familiarising themselves with and complying with all CX Index’s policies, procedures and standards dealing with information security.

Definition of Information Security

The U.S. National Information Systems Security Glossary defines Information systems security (INFOSEC) as:

The protection of information systems against unauthorised access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorised users or the provision of service to unauthorised users, including those measures necessary to detect, document, and counter such threats.

Information Security centres on the following three objectives for protecting information: Confidentiality, Integrity, and Availability.  The policies in this document support these objectives.

Why Security?

CX Index requires information security to protect information assets from security threats.   It is critical to protect the system environment to maintain a competitive advantage in the marketplace, to ensure profitability, and to secure and maintain client and partner trust and confidence.

Security threats originate at a wide variety of sources, including computer-assisted fraud, industrial espionage, sabotage, vandalism and natural disasters.  Computer viruses, unethical hacking and denial of service attacks are examples of threats encountered while operating over the Internet.  These types of threats are becoming increasingly more common, more ambitious and more sophisticated.

Philosophy of Protection

CX Index’s philosophy of protection provides the intent and direction behind our protection policies, procedures, and control.  Our protection philosophy is comprised of three tenets:

1.   Security is everyone’s responsibility.  Maintaining an effective and efficient security posture for CX Index requires a proactive stance on security issues from everyone.   Security is not “somebody else’s problem;” as an employee of CX Index you have the responsibility to adhere to the security policies and procedures of the company and to take issue with those who are not doing the same.

2.   Security permeates the CX Index organisation.  Security is not just focused on physical and technical “border control.” Rather, CX Index seeks to ensure reasonable and appropriate levels of security awareness and protection throughout our organisation and infrastructure.   There is no place in our business where security is not a consideration.

3.   Security is a business enabler.  A strong security foundation, proactively enabled and maintained, becomes an effective market differentiator for our company.  Security has a direct impact on our viability within the marketplace, and must be treated as a valued commodity.

The tenets of our philosophy of protection are mutually supportive; ignoring any one tenet in favour of another undermines the overall security posture of our organisation.


Was this article helpful?