ISO/IEC 27001 – Information security management
Pentation Analytics’ Information Security Management Policy is committed to protecting the company’s reputation, contracts, employees, properties, information assets and customers’ assets from potential threats in operations and otherwise.
This policy is guided by the company’s basic core values, code of conduct, business ethics and information security standards, and it shapes the way we operate. All security activities must adhere to the general principles laid down below:
- The company management, employees and contractors must always be aware of and take responsibility for the information and data security aspects of the company’s business activities.
- Information security preparedness, threat analysis and risk evaluations should be conducted under the guidance of the Chief Information Security Officer (CISO) on a planned and regular basis, with observations recorded and reported to the company management.
- Data security related incident prevention must be accorded priority for all external and internal engagements.
- Security measures and procedures must be subject to regular inspections, validations and verifications by a security auditor so as to maintain high security standards in operations.
- Data handling by the company management, employees and contractors needs to adhere to the applicable requirements and regulations.
- Appropriate training plans, recruitment, contracting and termination procedures must be established and implemented.
- All incidents, including security breaches and irregularities, must be reported to the company management and the company board, and recorded. Corrective action should be taken and followed up through regular verifications to improve the overall security standard.
This policy has been approved by the Management of Pentation Analytics. It will be reviewed annually, and revised if necessary, to keep it up to date. We welcome interested parties’ comments on the enforcement of the policy and the policy itself.