Information Security Policy

Purpose

We are committed to protecting the confidentiality, integrity, and availability of all information entrusted to us. Our Information Security Management System (ISMS) is aligned with ISO/IEC 27001:2022 standards and designed to safeguard client data, business information, and operational systems.

Scope

This policy applies to the in-scope information assets processed by our organization, digital systems, networks, applications, and physical documents. It covers employees, suppliers, and service providers/third parties who interact with our information systems.

Our Commitment

• Maintain compliance with ISO/IEC 27001:2022 and relevant legal, regulatory, and contractual requirements such as GDPR/DPA2018 and relevant laws, regulations.
• Implement robust security controls based on risk assessments and Annex A of ISO/IEC 27001.
• Protect personal and business data throughout its lifecycle.
• Continuously improve our ISMS through regular reviews, audits, and stakeholder feedback.
• Adopting best practices from various technical standards for enhanced security and privacy.

Objectives

• Ensuring Confidentiality: Preventing unauthorized access or disclosure of information.
• Ensuring Integrity: Protecting information from unauthorized alteration or corruption.
• Ensuring  Availability: Maintaining reliable access to information and systems when needed.
• Ensuring secure handling of data by employees and service providers, suppliers.

Continuous Improvement

We regularly review and enhance our security measures to address emerging threats and maintain resilience. Our approach includes monitoring, risk treatment, and proactive improvement initiatives. To report an incident please use the following: