Our commitment is to safeguard the confidentiality, integrity, and availability of all our information assets. In pursuit of this commitment, we will establish, maintain, and continuously enhance an information management system compliant with ISO 27001 standards.
Our policy dictates the following:
We will perform regular assessments of information security risks through our risk assessment process and establish the necessary controls to mitigate these risks.
Furthermore, we will define information security objectives and improvement actions aligned with this policy and our information security risks. We will routinely evaluate progress against these objectives through our ‘Management Review’ process.
To gauge the effectiveness of our information management system and identify potential enhancements, we will monitor access to and utilization of our information.
In the event that any staff member or authorized user suspects or detects a breach of information security, they are obligated to promptly notify a member of management. Should a suspected or actual security breach occur, we reserve the right to disable or remove any users, data, or assets necessary to secure our information systems.
This policy extends to all individuals accessing our information, including employees, visitors, contractors, and other parties. It encompasses the use of all our information assets, as well as privately owned systems connected directly or indirectly to our information systems, and owned or licensed software/data.
Non-compliance with this policy may result in disciplinary measures, including dismissal or legal action. In the case of contractors failing to comply with this policy, their contract may be terminated, and relevant authorities, including law enforcement, may be informed.