Nomadix is committed to maintaining our reputation for deploying stable, robust, scalable, and future-proofed internet and in-room entertainment solutions. We work together to ensure that our software, services solutions, and operational processes minimize risks to the confidentiality, integrity, and availability of our customers’ and Nomadix’s information and IT systems.
We have implemented a combination of technical and operational security initiatives to identify and manage these risks and provide assurance that we are following best practices for information security. These include establishing an Information Security Management System (ISMS) based on international best practices for information security (IS027001).
The Nomadix ISMS has been designed, implemented, and operated to achieve the following objectives:
- Demonstrate senior management commitment to protecting our customers and Nomadix’s information by maintaining certification to IS027001.
- Comply with legislative requirements for information protection.
- Deliver stable solutions that minimize cyber security and operational risks.
- Comply with customer requirements for information security.
- Identify and minimize risks in our supply chain.
- Protect customer and Nomadix information from unnecessary access, modification, or loss by identifying and managing risks through the use of policies, processes, and controls that are regularly audited.
- Provide information security training to all our staff on an ongoing basis.
- Implement scalable systemized processes that support Nomadix’s growth strategy.
- Continually review and improve our security.
All staff and, where appropriate, suppliers are required to comply with the Nomadix ISMS and supporting policies. Non-compliance may result in disciplinary action or the termination of supplier contracts.
Information Security Responsibilities
- The Group Chief Information Security Officer (GCISO) is responsible for implementing and managing the ISMS, including reporting on its effectiveness to the Global Management Team (GMT).
- The Information Security Team oversees the implementation and management of security controls.
- Information asset/risk owners are responsible for identifying and classifying their information and addressing risks. Managers at all levels are responsible for complying with our information security controls and ensuring their team adheres to them.
- All staff, including temporary workers, contractors, and, where appropriate, third parties, are responsible for complying with our information security policies
- Qualified third-party practitioners will regularly assess compliance with our ISMS and information security controls.
Cyber Essentials
In addition, Nomadix has committed to holding a full Cyber Essentials certification backed by the UK government. Covering five main security control groups: firewalls and routers, software updates and patching, malware protection, access control, and secure configuration.
Security Management
- Information assets will be identified, assessed for risk, and appropriately protected.
- Risk escalation processes will be implemented.
- Security policies covering IT systems, personnel security, facilities, supply chain assurance, business continuity, and information collection, use, sharing, retention, and disposal will be implemented and adhered to.
- Information security training will be available to all staff, including temporary workers and contractors.
- The group’s chief information security officer will report and investigate all actual or suspected information security breaches.
- Compliance with our ISMS and information security controls will be regularly assessed.
For further information on this policy, please contact the Group Chief Information Security Officer. Dr Chris Spencer (D.Sc.).
