Information Security Policy Summary

Purpose

To protect SSI’s information and associated assets from internal and external threats, ensuring the availability, confidentiality, and integrity of data.

Scope

This policy applies to all SSI’s information assets, including data stored or processed on cloud platforms, servers, laptops, mobile devices, and other digital or physical mediums. It encompasses SSI’s software design, development, and technological solutions.

Key Commitments

  • Ensure information accessibility for authorized users while safeguarding it from unauthorized access.
  • Maintain the accuracy and completeness of information and its processing methods.
  • Comply with legal, regulatory, and contractual requirements.
  • Respond swiftly to security incidents and maintain robust business continuity plans.
  • Regularly train employees and relevant stakeholders on information security practices.

Objectives

  • Achieve and maintain ISO/IEC 27001:2022 certification.
  • Protect confidentiality, integrity, and availability of information.
  • Continuously improving the Information Security Management System (ISMS).
  • Align security objectives with business strategies and risk assessments.

Governance and Framework

SSI’s ISMS is guided by a comprehensive governance framework focusing on risk management, legal compliance, and promoting a security-conscious culture. Key measures include:

  • Risk assessment and treatment plans.
  • Incident reporting mechanisms.
  • Backup and contingency strategies.
  • Regular audits and monitoring for continual improvement.

Review and Improvement

The policy is reviewed annually or after significant organizational changes. SSI commits to evolving its processes to align with best practices and stakeholder expectations.

Contact

For more information on our Information Security practices, please contact infosec@ssidecisions.com.