Integrated Quality & Information Security Policy

2. Integrated Quality & Information Security Policy

Document Name: Integrated Quality & Information Security Policy
Version: 1.0
Approved by: Directors, Immercial Limited
Review Frequency: Annual

2.1 Policy Statement

Immercial Limited is committed to delivering consistent, high-quality commercial consultancy services while protecting the confidentiality, integrity, and availability of information entrusted to us.

This Integrated Quality & Information Security Policy establishes the overarching principles governing how Immercial manages service quality and information security in a manner proportionate to the scale, complexity, and risk profile of a micro-company consultancy.

2.2 Policy Framework

This policy operates as part of Immercial’s Integrated Management System (IMS), which aligns with the intent and requirements of:

• ISO 9001 — Quality Management

• ISO 27001 — Information Security Management

The IMS is built around Immercial’s proprietary delivery frameworks, including the IMME Method™, supported by documented governance, licensing, and operational controls.

2.3 Quality Commitment

Immercial is committed to:

• Delivering consultancy services that meet agreed client requirements

• Applying structured, repeatable delivery methods

• Maintaining accuracy, consistency, and clarity in all commercial outputs

• Monitoring service performance and client feedback

• Implementing proportionate corrective and improvement actions

• Continually improving systems, methods, and outcomes

Quality is embedded through controlled methodologies, standardised templates, and documented delivery processes rather than ad-hoc or informal practices.

2.4 Information Security Commitment

Immercial is committed to protecting information assets by:

• Applying risk-based information security controls

• Restricting access to authorised users only

• Protecting proprietary intellectual property, benchmarks, and methodologies

• Safeguarding client and commercial information

• Maintaining appropriate technical and organisational controls

• Responding appropriately to information security incidents

• Supporting business continuity and system availability

Information security controls are designed to be effective, proportionate, and practical for a digital-first consultancy.

2.5 Governance & Public Policy Alignment

Immercial maintains a number of governance, legal, licensing, and policy documents as controlled public documents on its website IMS hub.

These include, but are not limited to:

• Governance & Compliance Framework

• Licensing & IP controls

• Consultancy Agreements

• Terms of Sale

• Charge-Out Fees

• Implementation Guides

These documents form part of the IMS by reference and are not duplicated internally to avoid inconsistency or version conflict.

2.6 Roles & Responsibilities

Senior management is responsible for:

• Establishing and maintaining this policy

• Ensuring the IMS remains appropriate and effective

• Reviewing performance, risks, and improvement opportunities

• Providing resources proportionate to operational needs

All personnel are responsible for:

• Following documented processes

• Protecting information assets

• Reporting quality or security concerns where identified

2.7 Review & Continual Improvement

This policy is reviewed at least annually as part of management review activities or sooner where significant organisational, operational, regulatory, or risk changes occur.

Improvements to the IMS are implemented based on performance monitoring, risk assessment, audit findings, and feedback.