INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) POLICY

The purpose of this ISMS Policy is to protect ScITech Consulting and Solutions Ltd. information assets from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business damage, and maximize return on investments and business opportunities. This policy applies to all information, information systems, networks, applications, locations, and users of ScITech Consulting and Solutions Ltd. or any third parties accessing the company's information systems.

To establish and maintain a framework to ensure the effective management and implementation of information security. To assess and mitigate risks associated with the storage, processing, and transmission of information. To protect the confidentiality, integrity, and availability of information. Information security is a business responsibility shared by all members of ScITech Consulting and Solutions Ltd. All employees must comply with information security procedures and controls. Regular training and awareness programs will be conducted to ensure employee competence in handling information securely.

A consistent and comprehensive risk management process will be adopted to identify, evaluate, and manage information security risks. Appropriate controls will be selected and implemented to mitigate identified risks. The company will comply with all applicable laws, regulations, and contractual obligations. Regular audits will be conducted to ensure compliance with this policy, and findings will be addressed promptly.

This policy will be reviewed annually and updated as necessary in response to feedback, changes in technology, business operations, or legal requirements. Violations of this policy will be dealt with promptly and may result in disciplinary action, including termination of employment.


Last Update: 01 June 2024