This policy serves as an umbrella document for all other security policies and associated standards. It defines the responsibility to:
Protect and preserve the confidentiality, integrity, and availability of the organization’s information assets and associated infrastructure.
Identify, assess, and manage risks related to potential information security threats, vulnerabilities, or compromises.
Ensure a secure, reliable, and resilient Information Technology (IT) environment that supports the organization’s operational and business objectives.
Establish mechanisms to detect, report, and respond promptly to incidents involving information asset misuse, loss, unauthorized access, or disclosure.
Continuously monitor information systems and networks for anomalies or suspicious activities that may indicate potential security breaches or compromises.
Promote and strengthen information security awareness, responsibility, and best practices across the organization.
Continuously improve the effectiveness of the Information Security Management System (ISMS) through regular monitoring, review, internal audits, management evaluation, and implementation of corrective actions.