Information Security Policy

1. Purpose, Scope, and Users
DXS International is committed to ensuring the confidentiality, integrity, and availability of its information assets. The Information Security Policy outlines the principles and guidelines that govern the management of information security within the organisation. It provides a framework for establishing, implementing, maintaining, and continually improving our information security management system in accordance with ISO 27001:2022 and applicable legal and regulatory requirements.

This policy applies to all employees, contractors, suppliers, and any other personnel who have access to DXS International information assets, systems, and networks.

2. Reference Documents
ISO/IEC 27001 standard, clauses 5.2 and 5.3
ISMS Scope Document
Risk Assessment and Risk Treatment Methodology
Statement of Applicability
List of Legal, Regulatory, and Contractual Obligations

PLCY-ISMS-00088 2.0 released. Approved on 23 February 2024. Released on 23 February 2024.

3. Information Security Objectives
Our information security objectives are:

  • Protecting the confidentiality, integrity, and availability of information assets.
  • Complying with relevant laws, regulations, and contractual obligations related to information security.
  • Ensuring the proper management of information risks.
  • Promoting awareness and providing training to all personnel regarding information security.
  • Continually improving the effectiveness of our information security management system.

4. Information Security Roles and Responsibilities
4.1 Top Management
Top Management is responsible for:

  • Providing leadership and commitment to information security.
  • Establishing the information security policy and objectives.
  • Allocating necessary resources to implement and maintain information security controls.
  • Reviewing the effectiveness of the information security management system.

4.2 Information Security Manager
The Information Security Manager is responsible for:

  • Developing, implementing, and maintaining the information security management system.
  • Conducting risk assessments and ensuring appropriate controls are in place.
  • Monitoring compliance with information security policies and procedures.
  • Reporting on the effectiveness of information security controls to senior management.

4.3 Employees
All employees are responsible for:

  • Complying with the information security policies, procedures, and guidelines.
  • Safeguarding information assets and reporting any suspected security incidents.
  • Participating in information security training and awareness programs.

5. Policy Implementation (Framework)
5.1 Risk Management
We employ a risk-based approach to information security. Risk assessments are conducted regularly to identify, assess, and mitigate information security risks. Risk treatment plans are developed and implemented to address identified risks.

5.2 Information Security Controls
Information security controls are implemented to protect information assets from unauthorised access, disclosure, alteration, destruction, and disruption. These controls include, but are not limited to:

  • Access controls, including user authentication and authorisation mechanisms.
  • Encryption and cryptographic controls.
  • Incident response and business continuity management processes.
  • Physical security measures to protect information assets and resources.
  • Security awareness and training programs for employees.
  • Change management and configuration control for information systems.

5.3 Incident Management
Procedures for the reporting, assessment, and management of security incidents are established. All security incidents must be promptly logged in the service management system and assigned to the Information Security Manager or designated personnel. Incident response plans are developed, tested, and reviewed periodically to ensure their effectiveness.

5.4 Compliance
We are committed to complying with all applicable legal, regulatory, and contractual requirements related to information security. We regularly assess our compliance status and take appropriate actions to address noncompliance issues.

5.5 Training and Awareness
Training and awareness programs are conducted to ensure that all personnel understand their role and responsibilities in relation to information security. Employees receive appropriate training to enhance their awareness of information security risks and the importance of complying with information security policies and procedures.

5.6 Monitoring and Review
Regular monitoring and review of the information security management system are conducted to ensure its continued effectiveness. Internal audits are performed to assess compliance with information security policies.