INFORMATION SECURITY POLICY
Senior management at Kivuto understands the information security needs and expectations of its interested parties, both within the organization and among external parties including, amongst others, clients, suppliers, and regulatory and governmental departments. The Company has recognized that the disciplines of confidentiality, integrity and availability of information in information security management are integral parts of its management function and views these as its primary responsibility and fundamental to best business practice.
To this end, Kivuto has produced this information security policy aligned to the requirements of ISO/IEC 27001:2013 to ensure that the Company:
- Complies with all applicable laws and regulations, and contractual obligations
- Implements information security objectives that take into account information security requirements following the results of applicable risk assessments
- Communicates these objectives and performance against them to all interested parties
- Adopts an information security management system comprising a security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers and other interested parties who come into contact with its work
- Works closely with customers, business partners and suppliers in seeking to establish appropriate information security standards
- Adopts a forward-thinking approach to future business decisions, including the continual review of risk evaluation criteria which may impact information security
- Instructs all members of staff about the needs and responsibilities of information security management, and their role in ensuring they comply with security policies
- Constantly strives to meet and where possible exceed its customers’ expectations
- Implements continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of its management resources to better meet information security requirements
Responsibility for upholding this policy is truly company-wide under the authority of the President, who encourages the personal commitment of all staff to address information security as part of their skills.
Signed: _________________________ (President)    Date: ____/____/_______