General Information Security Policy Statement ISO/IEC 27001:2022

Version 1.0, 17.09.2025

1. Policy Statements

The organization is committed to preserving the confidentiality, integrity, and
availability of its information and information systems. To support this, we have
established and maintain a risk-based Information Security Management System
(ISMS) aligned with ISO/IEC 27001:2022.

This policy reflects top management’s commitment to:

  • Protecting organizational, customer, and stakeholder information;
  • Ensuring compliance with legal, regulatory, and contractual obligations;
  • Minimizing business disruption from information security threats;
  • Promoting continual improvement of our ISMS.

2. Objectives

Our primary information security objectives are to:

  • Protect Data,
  • Improve Resilience,
  • Close Audit Findings & Rollouts,
  • Perform Risk Mitigation.

These objectives are reviewed annually as part of the ISMS management review.

3. Scope

This policy applies to:

  • All employees, contractors, consultants, and third-party users;
  • All organizational units, systems, locations, and data assets;
  • All forms of information (digital, physical, verbal) and processing
    environments.

It encompasses all activities that involve the creation, processing, storage,
communication, and disposal of information under the organization’s control.

4. Leadership Commitment

Top management shall:

  • Establish and maintain an ISMS in line with ISO/IEC 27001:2022;
  • Define and communicate roles, responsibilities, and authority for information
    security;
  • Allocate appropriate resources to achieve ISMS objectives;
  • Lead by example in promoting a security-aware culture;
  • Integrate information security into strategic and operational planning.

5. Risk Management

Information security risks shall be:

  • Identified, assessed, and treated in accordance with our Risk Assessment and
    Treatment Procedure;
  • Managed continuously to reflect changes in threats, vulnerabilities, and
    business priorities;
  • Aligned with our overall business risk management framework.

6. Compliance

The organization is committed to fulfilling:

  • Applicable legal, regulatory, and contractual obligations related to information
    security;
  • Internal requirements, including policies, standards, and procedures;
  • Monitoring and audit processes to ensure adherence.

All personnel are expected to comply with this policy and associated requirements.
Non-compliance may result in disciplinary action.

7. Continual Improvement

The ISMS shall be continually improved through:

  • Regular internal audits and management reviews;
  • Risk and performance monitoring;
  • Prompt and effective treatment of incidents, nonconformities, and
    opportunities for improvement.

8. Communication

This policy shall be:

  • Approved by top management;
  • Communicated to all personnel and relevant external parties;
  • Available to interested parties upon request;
  • Reviewed annually or following significant changes to business, risk, or
    compliance context.