Information Security Policy
The company’s policy is to continuously exercise due diligence to protect information systems from leakage, unauthorised access, use, disclosure, destruction, modification, disruption, or distribution.
This will ensure that the Company’s reputation with our clients is maintained through confidentiality, integrity and availability.
The Executive Leadership will ensure business, legal, regulatory requirements and contractual security obligations are taken into account.
The IT Administration Team bears the responsibility for establishing and maintaining the system and undertakes to ensure its integrity is maintained through instruction and training of its personnel. Each employee has a proper understanding of what is required of them.
This will in part be done by continuous vulnerability management, which involves the scanning of hosts for outdated software and the immediate updating of systems that are deemed outdated.
Equally, every employee has a personal responsibility to maintain this integrity. To support this, employees are required to send any security concerns or issues to any of the members of the IT Administration Team.
Further, the IT Administration Team and Executive Leadership will ensure any subcontractor employed for a particular function will meet the requirements specified and accept responsibility for their actions.
The Company has a policy of continuous improvement and objective setting in line with ISO 27001:2005 Standard.
The Information Security Management System will be monitored regularly under the Executive Leadership’s ultimate responsibility with regular reporting of the status and effectiveness at all levels.