The Timetabling Solutions ISMS is designed to meet the requirements of ISO 27001:2022.
1. Management Commitment to Information Security
Timetabling Solutions is committed to protecting the confidentiality, integrity, and availability of its information assets to ensure the continued trust of our clients, compliance with legal and regulatory requirements, and the security of the data entrusted to us.
Our Information Security Management System (ISMS) is integrated into our business processes to safeguard sensitive information, prevent security breaches, and mitigate risks effectively. Senior management actively supports and promotes a culture of security awareness and continuous improvement.
2. Compliance with Laws and Regulations
Timetabling Solutions ensures compliance with all applicable legal, regulatory, and contractual requirements related to information security and data protection. These include, but are not limited to:
- Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
- General Data Protection Regulation (GDPR) (EU) for clients in the European Union
- UK General Data Protection Regulation (UK GDPR)
- Notifiable Data Breaches (NDB) scheme (Australia)
- Cybersecurity frameworks recommended by the Australian Cyber Security Centre (ACSC)
- Education-specific data protection requirements as applicable in Australia, New Zealand, and the UK
Compliance with these regulations is reviewed regularly, and necessary actions are taken to ensure continued adherence to evolving security and privacy obligations.
3. Information Security Roles and Responsibilities
Timetabling Solutions defines clear roles and responsibilities to maintain the effectiveness of its ISMS:
- Timetabling Solutions Board of Directors: Responsible for endorsing and promoting the ISMS, ensuring adequate resources are available, and reviewing security performance.
- General Manager, Director of Software and Cloud Manager: Oversee the implementation, monitoring, and continual improvement of the ISMS, ensuring compliance with ISO 27001 and relevant regulations.
- IT and Development Teams: Responsible for implementing security controls, monitoring system integrity, and managing vulnerabilities and incidents.
- All Employees and Contractors: Required to comply with security policies, undergo security awareness training, and report security incidents promptly.
4. Communication and Awareness
Timetabling Solutions recognises that maintaining a strong security posture requires ongoing communication and awareness initiatives. To ensure management remains informed and proactive in addressing privacy and security risks:
- Regular security briefings are conducted to update management on emerging threats, vulnerabilities, and compliance requirements.
- Incident reports and security metrics are reviewed periodically to assess risks and implement improvements.
- Employees receive ongoing security awareness training to reinforce their role in protecting sensitive information.
- A clear escalation process is in place for reporting security concerns, ensuring timely response and resolution.
This ISMS statement is reviewed regularly to ensure continued alignment with our business objectives, regulatory obligations, and industry best practices.
The purpose of the ISMS is to proactively and actively identify, mitigate, monitor and manage information security vulnerabilities, threats and risks in order to protect Timetabling Solutions' people, clients, suppliers, information, data and assets.
We are committed to:
- Complying with all applicable laws, regulations and contractual obligations, and continually improving the ISMS
- Making our policy easily available and known to interested parties
- Providing all the resources of equipment, training and competent staff, and any other requirements, to enable these objectives to be met
- Ensuring that all employees are made aware of their individual obligations in respect of this information security policy
- Adopting a forward-thinking approach to future business decisions, including the continual review of risk evaluation criteria, which may impact on Information Security

Responsibility for upholding this policy is company-wide; we actively encourage all our people to address information security as part of their skills.
The policy has been approved by the Directors and is reviewed annually or sooner should a significant change occur in order to ensure its continuing suitability, adequacy and effectiveness.
Approved by:
Michael Wood
Chairperson
Updated 27th March 2025