ISMS Policy
Introduction
The purpose of this Information Security Management System (ISMS) Policy is to establish and maintain an effective information security management system to ensure the confidentiality, integrity, and availability of Cod Wise’s information assets. This policy applies to all employees, contractors, and third-party users of Cod Wise.
Objectives
- Protect the confidentiality, integrity, and availability of information.
- Comply with relevant legal, regulatory, and contractual requirements.
- Manage risks to information assets effectively.
- Promote a culture of information security awareness.
Scope
This policy applies to all information assets, including but not limited to, data, systems, networks, and processes used by Cod Wise.
Information Security Principles
- Confidentiality: Ensure that information is accessible only to those authorized to have access.
- Integrity: Safeguard the accuracy and completeness of information and processing methods.
- Availability: Ensure that authorized users have access to information and associated assets when required.
Roles and Responsibilities
Management
- Ensure the implementation and continuous improvement of the ISMS.
- Provide necessary resources for the ISMS.
- Promote a culture of information security within the organization.
Information Security Officer (ISO)
- Develop and maintain the ISMS.
- Conduct risk assessments and manage risk treatment plans.
- Ensure compliance with this policy and related procedures.
- Report on the performance of the ISMS to management.
Employees and Contractors
- Comply with the ISMS policy and related procedures.
- Report security incidents and vulnerabilities.
- Participate in information security awareness training.
Risk Management
- Conduct regular risk assessments to identify threats, vulnerabilities, and impacts to information assets.
- Implement appropriate controls to mitigate identified risks to acceptable levels.
- Review and update risk assessments and controls regularly.
Access Control
- Ensure access to information assets is based on business requirements and granted on a need-to-know basis.
- Implement strong authentication and authorization mechanisms.
- Regularly review and update access rights.
Incident Management
- Establish and maintain an incident management process to detect, report, and respond to information security incidents.
- Ensure timely investigation and resolution of incidents.
- Conduct post-incident reviews to prevent recurrence.
Information Security Awareness and Training
- Provide regular information security awareness training to all employees and contractors.
- Ensure that employees understand their responsibilities regarding information security.
Physical and Environmental Security
- Implement physical security measures to protect information assets from unauthorized access, damage, and interference.
- Ensure environmental controls are in place to protect information processing facilities.
Compliance
- Ensure compliance with relevant legal, regulatory, and contractual requirements related to information security.
- Conduct regular internal and external audits to verify compliance.
Continuous Improvement
- Monitor and review the ISMS regularly to ensure its effectiveness.
- Implement improvements based on audit findings, risk assessments, and feedback from stakeholders.
Policy Review
This ISMS policy will be reviewed annually or in response to significant changes in our operations, regulatory requirements, or information security landscape.
Contact Information
For any questions or concerns regarding this ISMS policy, please contact:
- ISMS Manager: Shayan Ali
- Email: Info@codwise.com
