logo

Information & Cyber Security Policy

We commit to put in place and proactively manage an Information & Cyber Security Management System (ISCSMS) designed to protect the various aspects of business information and information processing facilities through implementation of controls on Confidentiality, Integrity and Availability along with developing capabilities to Identify, Protect, Detect, Respond and Recover from adverse events. We will strive to provide a secure work environment to our employees and interested parties.

We believe in continually improving our management system by periodically reviewing our management system and its associated controls.

We have established an Information Security Committee to provide management support for information and cyber security objectives within the company and strive to develop and implement relevant and cost-effective controls by:

  1. Classifying all business and customer information as per sensitivity;
  2. Proactively assessing information assets risks and implementing practical and cost effective controls to mitigate identified risks;
  3. Controlling changes to information systems;
  4. Handling security incidents through an efficient incident response process;
  5. Complying with applicable legal, regulatory, contractual of our employees to effectively manage the policy requirements;
  6. Identifying, building and maintaining the competency of our employees to effectively manage the policy requirements;
  7. Providing continuous information security awareness and education to employees and stakeholders;
  8. Preventing interruption to business processes by implementing business continuity program;
  9. Continuously monitoring all information systems to detect and prevent unauthorized activities;
  10. Periodically reviewing this policy for its continued suitability and applicability;
  11. Providing adequate resources required to manage and support effective implementation of this policy.

It is important that all staff acknowledge their responsibility in these aspects and provide positive contribution to information and cyber security in conjunction with this policy.