Information security policy

Information Security Policy for Toast Design Consultancy Limited


Ensuring the security of information is a critical aspect of our business operations at Toast Design Consultancy Limited. This Information Security Policy outlines the company’s approach to managing information securely and responsibly. It is designed to protect the confidentiality, integrity, and availability of the company’s information assets.


The purpose of this policy is to establish guidelines and procedures for all employees, contractors, and third parties to follow to ensure the secure handling of information within the company.


  • To maintain the company’s information’s confidentiality, ensure that only authorised personnel have access to it.
  • To preserve the integrity of the company’s information, preventing unauthorized modification or deletion.
  • To ensure the availability of the company’s information when needed.


This policy applies to all employees, contractors, and third parties accessing the company’s information assets. It covers both digital and physical information storage and processing.

Access Control

  • Multi-factor authentication is required for accessing sensitive company data.
  • Physical access to company premises is controlled through an ID badge system and visitor logs.


All employees must undergo information security training upon onboarding and at regular intervals thereafter. The training will cover general security awareness and specific procedures related to information security risks.


The Chief Information Security Officer (CISO) is responsible for maintaining and updating this policy in line with the company’s risk assessment and business continuity plan.


This policy will be made available on the company intranet and hard copies will be provided to all staff. Any updates to the policy will be communicated promptly.

Reporting Breaches

Following the company’s data breach reporting procedure, employees must report any actual or potential security breaches immediately.


This policy will be reviewed at least annually or whenever significant changes to the company’s information security risk profile exist.