Ricardo plc and all its operations are committed to maintaining and improving information security to manage exposure to risk for ourselves, our clients, our staff and other stakeholders. The responsibility for compliance sits with the Chief Financial Officer supported by the Group IT Director and is delivered via Divisional Managing Directors and their teams.
Our principal information security commitments are to:
- Comply with all legal requirements and codes of practice applicable to our activities.
- Maintain a management system that will achieve the core principles of information security of confidentiality, integrity and availability.
- Confidentiality: ensuring that only those individuals who have a valid and authorised reason to access the information can do so.
- Integrity: ensuring that information is not altered, deleted or otherwise modified by unauthorised individuals or processes.
- Availability: ensuring that the information can be accessed when it is required.
- To continually improve our information security performance using a risk based approach; including setting and review of realistic and achievable objectives.
- To provide appropriate resources for the implementation of this policy.
- In line with the context of the business, to work with relevant stakeholders to implement this policy.
- To verify conformance by certification to ISO27001 at our main facilities.
- Where applicable to encourage our supply chain to adopt similar information security commitments.
This policy is implemented at each Ricardo facility through our management systems. Changes to this policy shall be driven by audit results, changing circumstances and the commitment to continual improvement. Staff awareness of this policy is ensured by providing appropriate training and communications.
Dave Shemmans (Chief Executive Officer)
22 June 2020