The purpose of this policy is to ensure that measures are put in place to protect corporate information and IT systems against security attacks and to mitigate the risks associated with unauthorised disclosure of information, while providing authorised users access to the information and data required to perform their duties.