The confidentiality, integrity and availability of information, in all its forms, is critical to the effective operation and governance of EIP (the firm). Failure to protect the firm’s information, including client information, increases the risk of financial and reputational loss from which it may be difficult to recover.
This information security policy outlines the firm’s approach to managing information security and describes the guiding principles and responsibilities necessary to safeguard and protect the firm’s information and its information systems.
EIP is committed to the implementation of a robust Information Security Management System (ISMS) that has been designed to protect the confidentiality, integrity and availability of its information.
It is the express policy of the firm to protect the information assets of the firm and its clients from unauthorised or accidental disclosure, modification, denial of access, misuse and loss. This will require the firm to implement a strong security culture and ensure appropriate behaviours.
The key to effective information security is a positive attitude and proactive approach by every individual. All employees have a duty of care to ensure that information that they have access to and are responsible for is appropriately protected.
All employees, and as appropriate contractors and suppliers working on behalf of the firm, shall comply with all legal, regulatory and contractual requirements.
All employees, and as appropriate contractors, are required to comply with all information security policies and procedures as documented and published by the firm.
The use of artificial intelligence (AI) must be in accordance with approved firm policies and applicable security, confidentiality and regulatory requirements.
The firm is committed to continually improve the effectiveness of its Information Security Management System (ISMS), by conducting regular audits and performance reviews of measurable security objectives to ensure compliance and drive security improvements.
The policy objectives are to:
This policy is applicable to all Executive Members, partners, employees and third parties who have access to the firm’s information and the information systems used to store and process it. These systems include, but are not limited to, the IT network and system infrastructure, cloud services, document management system, backup systems, media (electronic and paper) and end user devices including laptops, workstations and mobile phones.
The firm’s Information Security Policy is supported by specific policies. If clients or suppliers wish to request copies of any of these policies, they should in the first instance contact the Information Security team at infosec@eip.com.