INFORMATION SECURITY POLICY STATEMENT

OBJECTIVE

The objective of information security is to ensure the business continuity of EyeSee and to minimize the risk of damage by preventing security incidents and reducing their potential impact.

POLICY

• The policy’s goal is to protect the organization’s informational assets1 against all
• internal, external, deliberate, or accidental threats.
• The CEO has approved the information security policy and supports active
• acknowledgment of its values among all interested parties.
• The security policy ensures that:
  • Confidentiality of information will be assured
  • The integrity of information will be maintained
  • Availability of information for business processes will be maintained
  • Legislative and regulatory requirements will be met
  • Business continuity plans will be developed, maintained and tested2
  • Information security training will be available for all employees
  • All actual or suspected information security breaches will be reported to the
  • Information Security Manager and will be thoroughly investigated

• Procedures exist to support the policy, including virus control measures, passwords
• and continuity plans.
• Business requirements for the availability of information and systems will be met within
• requirements of the ISO/IEC 27000 series of standards.
• The Information Security Manager is responsible for maintaining the policy and
• providing support and advice during its implementation.
• All managers and process owners are directly responsible for implementing the policy
• and ensuring staff compliance in their respective departments.
• Compliance with the Information Security Policy is mandatory.