Security Policy

Information Security Policy

Purpose and Scope

The objective of this Information Security Policy is to set high-level policies and principles for information security within our organization. It applies to all employees, contractors, vendors, and partners who interact with our information systems and technology.

Objectives

Our information security policy aims to:

  1. Confidentiality: Protect confidential information by limiting access, storage, and use.
  2. Integrity: Ensure that our systems operate as intended, prevent unauthorized changes, and minimize human error to the best of our ability.
  3. Availability: Guarantee that employees can rely on our systems for their work.

Key Principles

  1. Access Control: We control access to information, prevent data breaches, and safeguard sensitive data.
  2. Change Management: We establish robust change control processes to maintain system integrity.
  3. Data Retention: We retain data according to legal and business requirements.
  4. Risk Management: We assess and manage information security risks effectively.
  5. Awareness and Training: We educate our team on security practices and responsibilities.
  6. Acceptable Use: We define acceptable use of company resources.
  7. Clear Desk and Clear Screen: Employees maintain clean workspaces and lock screens when away.
  8. Business Continuity: We ensure continuity during disruptions.
  9. Backup and Recovery: We regularly back up critical data and test recovery procedures.
  10. Malware and Antivirus: We protect against malicious software.
  11. Third-Party Supplier Security: We assess and manage third-party risks.
  12. Continual Improvement: We review and enhance our security measures.
  13. Logging and Monitoring: We monitor system activities and respond to incidents.
  14. Network Security: We secure our network infrastructure.
  15. Physical and Environmental Security: We safeguard physical assets.
  16. Cryptographic Key Management: We manage encryption keys securely.
  17. Document and Record Management: We maintain accurate records.
  18. Information Transfer: We protect data during transfer.
  19. Secure Development: We follow secure coding practices.

Compliance

This policy complies with ISO 27001 requirements and is approved by management. It is communicated to all employees and third-party users.

Ownership

The Chief Information Security Officer (CISO) is responsible for maintaining and updating this policy.