Information Security Policy

 

OBJECTIVE

The Information Security Policy aims to establish a management framework for the initiation and control of information security implementation within Infinitrix.

 

APPLICABILITY

This policy applies to Infinitrix, its affiliated partners, subsidiaries, and all entities, including data processing and process control systems, in possession of or utilizing information and/or facilities owned by Infinitrix.

This policy extends to all staff/users directly or indirectly associated with Infinitrix or any entity conducting work on Infinitrix’s behalf involving the use of information assets owned by Infinitrix.

 

POLICY ENFORCEMENT AND COMPLIANCE

Compliance with this policy is obligatory, with Infinitrix managers responsible for ongoing compliance oversight within their departments. Compliance is subject to annual review by executive management and external auditors. Violations will result in disciplinary action by the ISMS Steering Committee.

The nature and severity of violations will determine disciplinary actions, which may include termination or other appropriate measures, as decided by Infinitrix Management and escalated to executive management.

 

WAIVER PROCEDURE

This policy primarily addresses information security requirements. Requests for waivers must be formally submitted to executive management, including justification and associated benefits. Waivers are valid for a maximum of one year and may be reevaluated and reapproved for up to three consecutive terms. No policy shall be granted a waiver for more than three consecutive terms.

 

POLICY MANAGEMENT

Advancements in technology and evolving business needs may necessitate periodic policy revisions. Therefore, this policy may be updated to accommodate changes, define new requirements, or enhance existing ones.

Any shortcomings in this policy shall be promptly reported to the Information Security Manager/ISMR. Policy changes necessitate approval from the CAB/Management Review Meetings. The change log will be consistently maintained and promptly updated following any modifications.

Infinitrix is dedicated to safeguarding its information assets through the implementation of information security controls that mitigate the impact of security incidents.

To create, maintain, and continually improve the Information Security Management System, Infinitrix ensures the following:

  • Implementation of the Information Security Management System is in line with the ISO 27001:2013 standard.
  • Adherence to all aspects of ISO 27001-based ISMS in its true spirit.
  • Fulfillment of all applicable legal and contractual requirements.
  • Assurance of confidentiality, integrity, and availability of information assets through systematic deployment of security controls.
  • Establishment, maintenance, and testing of business continuity plans (DR site).
  • Evaluation of risks to all corporate assets (tangible/intangible and human), implementation of appropriate controls, and definition of mitigation and contingency plans.
  • Preservation of all corporate assets (tangible/intangible) and human resources in a secure and safe environment.
  • Provision of a conducive work environment for human resources, free from accidental and occupational hazards.
  • Training of all personnel in information security practices, roles, and responsibilities.
  • Application of all relevant data protection controls throughout the organization.
  • Protection of personal information according to applicable laws and organizational security policies when subject to different regulations.