Information Security Policy

Purpose

The Information Security Policy aims to establish an effective and elaborate information security management framework to manage the implementation of information security within Smiota.

Scope

This policy applies to all organizational aspects of Smiota and all parties, its affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of, or using, information and/or facilities owned by Smiota.

This policy applies to all staff/users that are directly or indirectly employed by Smiota, its subsidiaries or any entity conducting work on behalf of Smiota that involves the use of information assets owned by Smiota.

Policy Enforcement and Compliance

Compliance with this policy is mandatory and organizational managers shall ensure continuous compliance monitoring within their departments. Compliance with the statements in this policy is a matter of annual review by the management. Any violation will result in disciplinary action by the ISMS Steering Committee.

Disciplinary action taken will depend on the severity of the violation, which will be determined by the investigation. Actions such as termination, or others as deemed appropriate by Smiota’s Management, may be taken and can escalate to the ISMS Steering Committee.

Waiver Criteria

This policy is intended to address information security requirements. If needed, waivers can be formally submitted to the infrastructure, including justification and benefits attributed to the waiver.

Related Policies

  • Logical Security Policy
  • ISMS Management Policy
  • Information Management & Classification Policy
  • Clear Desk and Clear Screen Policy
  • Mobile Device & Teleworking Policy
  • Supplier Security Policy

Document Owner

  • ISMR

Policy Management

Technological advances and changes in business requirements will necessitate periodic revisions to policies. Therefore, this policy may be updated to reflect changes or define new or improved requirements.

Deficiencies within this policy shall be immediately communicated to the ISMR. Policy changes will require the approval of the Management during Management Review Meetings. The Change Log shall be kept current and will be updated as soon as any change has been made.

Information Security Policy

Management of Smiota is committed to protecting its information assets by deploying information security controls that minimize the impact of any security incidents.

To create, maintain and continually improve the Information Security Management System and to achieve this objective, Smiota ensures the following:

  • All applicable legal and contractual requirements are fulfilled.
  • Confidentiality and integrity of information are maintained through a systematic process.
  • Business continuity plans (DR site) will be established, maintained and tested.
  • Risks to all corporate assets (tangible/intangible and human) are assessed, appropriate controls are implemented against all risks, and mitigation and contingency plans are defined.
  • All corporate assets (tangible / intangible, and people) have a secure and safe environment.
  • A conducive work environment, free from accidental and occupational hazards, has been provided to human resources.
  • All personnel are trained in information security practices, roles and responsibilities.