Proof Positive Logo

Information Security Policy

Our commitment is to safeguard the confidentiality, integrity, and availability of all our information assets. In pursuit of this commitment, we will establish, maintain, and continuously enhance an information management system compliant with ISO 27001 standards.

Our policy dictates the following:

  • Protection of Information Assets: We are dedicated to shielding all our information assets from any compromise in confidentiality, integrity, or availability.
  • Risk Mitigation: Our aim is to minimize risks associated with theft, loss, misuse, damage, or abuse of these assets.
  • Regulatory Compliance: We ensure that information users are well-informed about and adhere to prevailing information security regulations and legislation.
  • Secure Working Environment: We provide a secure information system working environment for our staff and other authorized users.
  • User Awareness and Compliance: We emphasize that all authorized users fully understand and adhere to this policy, as well as related policies and procedures.
  • Organizational Protection: Our goal is to safeguard the organization from liability or harm stemming from the misuse of its information.
  • User Responsibility: We enforce that all users recognize their personal responsibilities for preserving the confidentiality and integrity of the information they handle.

We will perform regular assessments of information security risks through our risk assessment process and establish the necessary controls to mitigate these risks.

Furthermore, we will define information security objectives and improvement actions aligned with this policy and our information security risks. We will routinely evaluate progress against these objectives through our ‘Management Review’ process.

To gauge the effectiveness of our information management system and identify potential enhancements, we will monitor access to and utilization of our information.

In the event that any staff member or authorized user suspects or detects a breach of information security, they are obligated to promptly notify a member of management. Should a suspected or actual security breach occur, we reserve the right to disable or remove any users, data, or assets necessary to secure our information systems.

This policy extends to all individuals accessing our information, including employees, visitors, contractors, and other parties. It encompasses the use of all our information assets, as well as privately owned systems connected directly or indirectly to our information systems, and owned or licensed software/data.

Non-compliance with this policy may result in disciplinary measures, including dismissal or legal action. In the case of contractors failing to comply with this policy, their contract may be terminated, and relevant authorities, including law enforcement, may be informed.