Information security policy

Information security policy

Shireburn Software Ltd. is a business software development company established in 1983. We develop business solutions that can transform and empower people and organisations to work together more efficiently.

With a track record of development of a string of internationally successful software products, our team continues to innovate and lead the market, developing applications aimed at specific niche business needs.

Indigo People is used by over 7,400 companies with more than 150,000 employee subscriptions. The Shireburn Business Suite has over 3,000 companies with over 2,800 users managing their business through platform.

Our security goal is clear:

“Our goal is to detect and reduce any potential risks that may impact the confidentiality, integrity and availability of data and information being hosted on our own infrastructure, as well as of that hosted at our listed our sub-contractors and sub-processors.”

To achieve this, we have implemented an information security management system, which together with our quality management system, provide a systemic approach to improve the internal operations, product design and development, and customer service.

  • Continue to be recognised as a trusted brand name by our clients, by retaining the ISO27001 and ISO9001 internationally recognised certification, initially obtained in 2019.
  • Continuously promote information security to all levels of staff by yearly training and other activities.
  • Maintain compliance with GDPR, and other regulations with affect our internal organisation as well as the product and services offered.
  • Maintain compliance with all the agreements with which we are bound.
  • Be committed to business continuity by:
    • Protecting our knowledge and intellectual property
    • Reviewing and re-evaluating our suppliers
    • Being prepared in case of disruption by documenting and testing out business continuity scenarios.
  • Be committed to satisfy applicable requirements related to information security, whilst improving our integrated management systems.

Our security and technology policies:

  • Information security policy – this policy highlights the general guidelines and principles for the management of security within Shireburn.
  • Acceptable use policy – this policy highlights the acceptable behaviour to reduce risks with by the best use of the systems and data handling.
  • Mobile device policy – this policy highlights the guidelines for the use of mobile devices and remote connectivity requirements.
  • Information classification policy– this policy highlights the way data should be classified and the appropriate labelling.
  • Access control policy – this policy highlights the guidelines on the access to information assets, monitoring and periodical review.
  • Password management policy – this policy highlights the best practices in user and password management and related policies in place.
  • Encryption policy – this policy highlights the encryption and cryptographic techniques for secure data transmission.
  • Clear desk policy – this policy highlights the measures to effectively protect paper and electronic media, even when unattended.
  • Data backup policy – this policy defines the backup, testing and restore process.
  • Vulnerability and patch management policy – this policy highlights the requirements for security patch management of all the software and hardware.
  • Supplier security policy – this policy highlights the requirements needed to select, engage, monitor and off-board suppliers.

Further detailed information on security features present in our organisation and products can be found here:

Our certifications can be found here: