INFORMATION SECURITY POLICY STATEMENT

Morris Transfers Ltd recognises that information is a critical business asset, and safeguarding its confidentiality, integrity, and availability is essential to ensuring secure, reliable operations.

This policy establishes a framework to:

  • Protect against information security threats and reduce the impact of incidents

  • Support the development, implementation, and maintenance of an Information Security Management System (ISMS) aligned with ISO 27001:2013 requirements

While not formally ISO‑certified yet, we aspire to meet these international standards in future.

1. Scope

This policy applies to all Morris Transfers services, covering:

  • All electronic and physical information assets

  • Our personnel, contractors, and third-party providers

  • All locations where Morris Transfers handles information

2. Leadership & Responsibility

  • The Owner endorses and supports this policy.

  • An appointed Information Security Officer is accountable for implementing, monitoring, and auditing the ISMS.

  • Management at all levels ensures awareness, understanding, and compliance with this policy.

3. Core Commitments

We are committed to:

  1. Defining clear policies and objectives based on business needs and risk assessments

  2. Implementing controls to manage identified risks to information security

  3. Regularly monitoring and reviewing the ISMS's performance and its controls

  4. Continuously improving information security based on measurable outcomes

  5. Meeting all relevant legal, regulatory, and contractual security obligations

  6. Providing adequate resources and training to maintain and improve the ISMS

4. Employee & Partner Obligations

All Morris Transfers staff, contractors, and partners must:

  • Understand and apply this policy and supporting procedures

  • Report security incidents or suspected breaches immediately

  • Participate in security training and awareness programs

  • Maintain the confidentiality, integrity, and availability of all information assets

Non-compliance may result in disciplinary or contractual consequences.

5. Continuous Assurance & Improvement

The ISMS includes:

  • Regular internal reviews and external audits

  • Periodic risk assessments and security testing

  • A formal process for policy updates, approved by senior leadership

  • Annual reviews or whenever significant changes occur

6. Governance & Auditing

The Information Security Officer oversees regular audits, reporting findings to senior management. Any non-conformities or risks are addressed through corrective actions and improvements.

Jonathan Morris
Owner
Morris Transfers Ltd
Date: 9 July 2025