Information Security Policy

Information Security Management System Policy Statement

Purpose

This policy statement defines the framework within which the information security management system will be managed across Smart Applications and demonstrates management commitment and support for information security management system throughout Smart Applications.

This policy is the primary policy from which all information security related policies emanate.

Scope

This policy is applicable to all Smart Applications personnel, contractors, vendors and other parties, and covers all information entrusted to or owned by Smart Applications and stored, processed, or transmitted on the organizations information systems and operated by the organization.

Information Security Objectives

Smart Applications has set the following major information security objectives:

Objective 1 – Achieve 100% protection of Confidentiality and integrity of Smart Application Information assets.

Objective 2 – Achieve 90% Information Security Awareness culture across the organisation.

Objective 3 – Provide assurance of information systems resilience – 99.6% availability.

Objective 4 – Ensure compliance to the security standards as set out by respective authorities under whose jurisdiction(s) Smart operates.

Information Security Management System Policy

Smart Applications is committed to the confidentiality, integrity and availability of her information assets and shall implement measures through the establishment.

Smart Applications is committed to continual improvement of her information security program to protect the organization’s information assets against all threats.

Smart Applications is also committed to complying with all applicable legal, regulatory and contractual requirements related to information security in her services and operations.

All users and custodians of information assets owned by or entrusted to Smart Applications shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.