Information Security Policy Statement

The Causeway Information Security Management Policy


Information Security Policy Statement

1 February 2024

The Causeway board of directors recognises the significance of integrity and security of information. Causeway’s Information Security Management (“ISM”) Policy is to maintain the highest standard of confidentiality, integrity and availability of internal, customer and supplier information.

The purpose of this policy is to protect the organisation’s information assets from all threats, whether internal or external, deliberate or accidental. Corporate information is a critical business asset. These assets are identified and managed in accordance with the risk assessment methodology that endorses the acceptable risk levels.

The success of Causeway’s business is dependent upon the company’s ability to store information securely, and retrieve and process it as and when required. Such information and the way it may be processed is subject to UK legislation.

Causeway’s ISM policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are continuously monitored, reviewed, improved and approved by the Board to ensure that specific security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.

Causeway’s ISM policy awareness program is incorporated in our induction process and training program. The ISM Policy is readily accessible internally and presented to existing and prospective customers.

In addition to Causeway employees, Causeway suppliers and contractors are expected to adhere to the ISM policy. All employees are empowered to take  responsibility for Information Security and a robust process for identifying and reporting security risks and incidents is in place and is regularly reviewed.

Through compliance to applicable statutory, regulatory and contractual requirements, and the standard for Information Security Management ISO/ IEC 27001:2013, Causeway will demonstrate confidence, integrity and credibility both internally and externally.


Causeway’s Information Security objectives are set by the Information Security Team and are cascaded throughout the organisation. The objectives include:

(a) To raise awareness of security issues company-wide through proactively communicating the ISM Policy, Information Security Management System Manual and supporting procedures;

(b) To raise awareness of the benefits of Causeway being ISO 27001 certified to enhance customer loyalty, reputation and strengthen the Causeway brand;

(c) To establish and monitor an effective Information Security Management System to reduce risk to both Causeway and its customers.

A copy of this policy is available for download - HERE

Security Certifications

ISO 27001

Causeway is proud to announce that we maintain an ISO 27001 certification.

This certification demonstrates that Causeway has successfully implemented a systematic and documented approach to securing clients’ and corporate information.

MicrosoftTeams-image (53)-1