Information Security Policy

Read more about our information security policy here.

Easy LMS B.V. (Easy LMS) is located in the Netherlands and provides a SaaS (software as a service) learning management system. The board of directors and management of Easy LMS are committed to preserving the confidentiality, integrity, and availability of all the physical and information assets throughout Easy LMS. This is in order to preserve its competitive edge, commercial image, cash-flow, profitability, and legal/regulatory/contractual compliance. Information and information security requirements will continue to align with Easy LMS' goals. We have implemented an ISMS (Information Security Management System) intended to be a mechanism for information sharing, electronic operations, e-commerce, and identifying and reducing information-related risks to acceptable levels.

In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems, and information security incident reporting are fundamental to this policy. These are described in policies and supporting documents in the ISMS.

The ISMS, of which this policy and other supporting and related documentation is part, has been designed in accordance with the specification contained in ISO 27001. The ISMS is subject to continuous, systematic review and improvement. We have appointed a security officer, who is responsible for the management and maintenance of the ISMS and risk treatment plan. Easy LMS is committed to retaining certification of its ISMS to ISO 27001.

All employees of Easy LMS are expected to comply with this policy and with the ISMS that implements it. All employees will receive appropriate training. The consequences of breaching policies in the ISMS are set out in Easy LMS' employment contracts and relevant agreements with third parties.

We use the OGSM (Objective, Goals, Strategies, Measures) framework to set information security objectives on a yearly basis and work on achieving them. We use the same framework for setting and working on objectives throughout Easy LMS.

In this policy, ‘information security’ is defined as: Preserving the confidentiality, integrity, and availability of all the physical assets and of all information assets, throughout Easy LMS:

Preserving

This means that management and all full-time and part-time employees will be made aware of their responsibilities (which are defined in their job descriptions or contracts) to preserve information security, to report security breaches, and to act in accordance with the requirements described in the ISMS. All employees will receive information security awareness training, and more specialized staff will receive appropriately specialized information security training.

Confidentiality

This involves ensuring that information is only accessible to those authorized to access it and therefore preventing both deliberate and accidental unauthorized access to Easy LMS' information, proprietary knowledge, and systems.

Integrity

This involves safeguarding the accuracy and completeness of information and processing methods, and therefore requires preventing deliberate or accidental, partial or complete, destruction or unauthorized modification of either physical assets or electronic data. There must be appropriate contingency and data backup plans and security incident reporting. Easy LMS must comply with all relevant data-related legislation of the jurisdictions it operates in.

Availability

This means that information and associated assets should be accessible to authorized users when required and therefore physically secure. The computer network must be resilient, and Easy LMS must detect and respond rapidly to incidents that threaten the continued availability of assets, systems, and information. There must be appropriate business continuity plans.

All the physical assets

The physical assets of Easy LMS include, but are not limited to, computer hardware, data cabling, telephone systems, filing systems, and physical data files.

All information assets

The information assets include information printed or written on paper, transmitted by post or shown in films, or spoken in conversation, as well as information stored electronically on servers, website(s), extranet(s), intranet(s), PCs, laptops, and mobile phones, as well as on USB sticks, backup tapes and any other digital or magnetic media, and information transmitted electronically by any means. This includes the sets of instructions that tell the system(s) how to manipulate information (i.e., the software: operating systems, applications, utilities, etc.).

Throughout Easy LMS

Everyone at Easy LMS has signed up to our security policy and has accepted our ISMS.

Document Owner and Approval

The security officer is the owner of this document and is responsible for ensuring that this policy document is regularly reviewed. This policy will be reviewed in response to any risk assessment or risk treatment plan changes, and at least annually. A current version of this document is available to all staff members in Confluence. It does not contain confidential information and can be released to relevant external parties.
