The objective of managing information security is to ensure business continuity and minimize damage by preventing security incidents and minimizing their impact. In deploying the Compunnel Information Security Management System (ISMS), the management aims to maintain existing known risks at their current low level and ensure that new and changing risks are managed in an equally consistent and professional manner.
The purpose of this policy is to protect both Compunnel and its customer assets from threats, whether internal or external, deliberate or accidental. Protection of information is set out in terms of:
- Confidentiality: ensures that only authorized people have access to information.
- Integrity: ensures purity, accuracy and completeness of information.
- Availability: ensures that only authorized people have access to information, associated assets, and systems when required.
- Regulatory: includes regulations, laws and codes of practice applicable to each country where it operates, as a minimum standard in its information security management standard.
In particular, Compunnel will:
- Ensure that its management and employees comply with the requirements of the security policy.
- Define a systematic approach to risk assessment by identifying a method that suits the ISMS and the identified business information security, legal and regulatory requirements.
- Minimize risk to company assets, information, reputation, hardware, software or data.
- Set policy and objectives for the ISMS to reduce risk to acceptable levels and determine criteria for accepting the residual risks.
- Ensure continual improvement of the established, documented and implemented ISMS.
All managers are directly responsible for implementing the policy within their business areas, and for adherence by their team members.
It is the responsibility of every employee and associate to adhere to the security policy. Failure to do so may result in disciplinary action.
The Chief Information Security Officer (CISO) has direct responsibility for maintaining the Security Policy and offering advice and guidance on its implementation.
This policy has been approved by the company management and shall be reviewed by the management team annually or as and when required.