
General Information
Security Policy Statement
ISO/IEC 27001:2022
Policy Statements
The organization is committed to preserving the confidentiality, integrity, and availability of its information and information systems. To support this, we have established and maintain a risk-based Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022.
This policy reflects top management's commitment to:
- Protecting organizational, customer, and stakeholder information
- Ensuring compliance with legal, regulatory, and contractual obligations
- Minimizing business disruption from information security threats
- Promoting continual improvement of our ISMS
Objectives
Our primary information security objectives are to:
- Data Protection: Safeguard all organizational and customer data
- Improve Resilience: Enhance our ability to withstand security threats
- Close Audit Findings & Rollouts: Address audit findings and implement improvements
- Perform Risk Mitigation: Identify and mitigate information security risks
These objectives are reviewed annually as part of the ISMS management review.
Scope
This policy applies to:
- All employees, contractors, consultants, and third-party users
- All organizational units, systems, locations, and data assets
- All forms of information (digital, physical, verbal) and processing environments
It encompasses all activities that involve the creation, processing, storage, communication, and disposal of information under the organization's control.
Leadership Commitment
Top management shall:
- Establish and maintain an ISMS in line with ISO/IEC 27001:2022
- Define and communicate roles, responsibilities, and authority for information security
- Allocate appropriate resources to achieve ISMS objectives
- Lead by example in promoting a security-aware culture
- Integrate information security into strategic and operational planning
Risk Management
Information security risks shall be:
- Identified, assessed, and treated: In accordance with our Risk Assessment and Treatment Procedure
- Managed continuously: To reflect changes in threats, vulnerabilities, and business priorities
- Aligned with business risk framework: Integration with our overall business risk management framework
Compliance
The organization is committed to fulfilling:
- Applicable legal, regulatory, and contractual obligations related to information security
- Internal requirements, including policies, standards, and procedures
- Monitoring and audit processes to ensure adherence
All personnel are expected to comply with this policy and associated requirements. Non-compliance may result in disciplinary action.
Continual Improvement
The ISMS shall be continually improved through:
- Regular Audits: Internal audits and management reviews
- Risk Monitoring: Risk and performance monitoring
- Incident Response: Prompt and effective treatment of incidents and nonconformities
Communication
This policy shall be:
- Approval: Approved by top management
- Communication: Communicated to all personnel and relevant external parties
- Availability: Available to interested parties upon request
- Review Cycle: Reviewed annually or following significant changes
This policy is reviewed annually or following significant changes to business, risk, or compliance context.
For questions regarding our Information Security Management System, please contact our ISMS team.