INTEGRATED MANAGEMENT SYSTEM (IMS) POLICY

Document No: POLICY-GLOBAL-0026

CAE IMS Policy and Objectives

Purpose and Scope

The purpose of this document is to state CAE’s IMS Policy.

Responsibilities

CAE’s Board of Directors – To maintain the content of this policy.

CEO – Will amend and approve this policy.

HSQE – To amend and release the policy in Proquis.

All CAE employees must adhere to this policy and help achieve the objectives.

Definitions

Term or Acronym/Abbreviation & Definition

  • Integrate Management System (9001, 27001 & 14001)
  • HSQE = Health & Safety Quality Environment Manager
  • CAE = CAE Technology Services
  • CEO = Chief Executive Officer

References

IMS Manual-Quality-002
Annex 1 Quality commitment
Annex 2 IT Security commitment
Annex 3 Environmental commitment

Policy

CAE Technology Services are committed to providing Quality IT solutions to meet requirements of existing and prospective clients and ensure that all services and systems provided meet or exceed those required for Quality, Environmental and Information Security performance.

We strive to provide environmentally friendly products and services based on the information security principles which delight our customers.

Our Integrated Management System is realised through:

  • Analysing the customer needs and expectations and assessing the level of satisfaction with our services or delivered products,
  • Commitment to the protection of the environment by preventing pollution through effective control of emissions to air, water, land and waste management,
  • Use of technologies and solutions with high and proven standards and partnership with the manufacturer for ensuring compliance of the organisation with legal and other requirements,
  • Raising skills, awareness and involvement of employees to work toward improving the quality of products and services and information security as well as the environmental performance,
  • Ensuring the confidentiality, integrity and availability of information,
  • Managing the physical security of the organisation & customers’ assets,
  • Management of incidents and non-conformances related to services, products & information security,
  • Continually reviewing the suitability of the IMS policies, procedures and working practices.

This policy will be reviewed annually by the management board and will be communicated to all employees and persons working for or on behalf of CAE and will be made available to the public and any other interested parties on request.

Authorised by the CEO

Annex 1: Our Quality Commitment

The quality commitment has been established to be consistent with the purpose and context of our organization. It provides a framework for the setting and review of objectives in addition to our commitment to satisfy applicable customers’, regulatory and legislative requirements as well as our commitment to continually improve our management system.

Customer focus: As an organization we have made a commitment to understand our current and future customers’ needs; meet their requirements and strive to exceed their expectations.

Leadership: Our Top Management have committed to creating and maintaining a working environment in which people become fully involved in achieving our objectives.

Engagement of people: As an organization we recognise that people are the essence of any good business and that their full involvement enables their abilities to be used for our benefit.

Process approach: As an organization we understand that a desired result is achieved more efficiently when activities and related resources are managed as a process or series of interconnected processes.

Improvement: We have committed to achieving continual improvement across all aspects of our quality management system; it is one of our main annual objectives.

Evidence-based decision making: As an organization we have committed to only making decisions relating to our IMS following an analysis of relevant data and information.

Relationship management: CAE recognises that an organization and the relationship it has with its external providers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.

Annex 2: Our IT Security Commitment

Information is a major asset that CAE has a responsibility and requirement to protect. The confidentiality, integrity, and availability of information is critical to the functioning, service delivery, and good governance of CAE. Failure to adequately secure information increases the risk of financial and reputational losses from which it may be difficult to CAE to recover.

CAE is committed to a robust implementation of information security systems and to ensure the appropriate confidentiality, integrity, and availability of our data, including data we process on behalf of our clients, suppliers and partners.

Information Security principles

  • Information should be classified at an appropriate level of confidentiality, integrity and availability,
  • All users must handle information in accordance with its classification level,
  • Information should be both secure and available to those with a legitimate need for access in accordance with its classification level,
  • Information should be protected against unauthorised access and processing.

Compliance

CAE is committed to establishing and maintaining policies and procedures that ensure compliance with relevant legislation, including but not necessarily limited to:

  • Data Protection Act 2018
  • GDPR 2018
  • Computer Misuse Act
  • Electronic Communication Act
  • Copyright Act
  • We also endeavour to comply with customer contracts and SLAs where appropriate.

Incident Handling

if an employee or unauthorised user is aware of a security incident then they must report it to the Information Security Advisory Group via ISAG@caeuk.com

Annex 3: Our Environmental Commitment

We are committed to reducing the impact of our operations on the environment, where possible. Which means cover all aspects of the company’s activities to ensure we constantly find a way to safeguard the environment in which we live.

Pollution Prevention: We actively work to prevent pollution by our facilities. Our goal is to divert 100% of our facility waste from the landfill.

This will be achieved by monitoring the sources of waste and their disposal. We then work to reduce the amount of waste produced wherever possible, for example; we choose reusable packaging and shipping material.

The products we resell are robust enough to last a long time often backuped with lifetime warranties. While an alternative product may be replaced several times over the life span, the longer life span of products greatly reduces their impacts on the environment.

Energy Efficiency: We are committed to responsible energy management throughout our organisation. This is materialised by reducing office energy consumption, having a vehicle fleet with a low energy rating, encouraging the employees to opt for electric car by making charger plugs available and finally, using low energy equipment.

Our Employees: We will be fostering the commitment of all management and staff towards improving the environmental performance of the organisation.

Continual Improvement: We will establish a benchmark based on historical data to assess progress regularly to work towards reduction of energy use and waste.

Local Communities: We will continue supporting causes pertinent to the communities by initiating, supporting and encouraging charitable and volunteering activities.