Information Security Policy

1. Basic Information Security Terminology

1.1. Purpose, Scope and Users

This policy defines how Information Security will be set up, managed, measured, reported on, and developed within Fiducia Data Services Limited, hereafter referred to as “Fiducia” or “the organization”.

Fiducia has decided to pursue full certification to ISO/IEC 27001:2022 for the effective adoption of information security best practice.

The framework provides guidelines for ensuring that critical information assets are protected from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.

1.2. Basic Information Security Terminology

• Confidentiality: Characteristic of the information by which it is available only to authorized persons or systems.
• Integrity: Characteristic of information by which it is changed only by authorized persons or systems in an allowed way.
• Availability: Characteristic of the information by which it can be accessed by authorized persons when it is needed.
• Information Security: Preservation of confidentiality, integrity, and availability of information.
• Information Security Management System: Part of overall management processes that take care of planning, implementing, maintaining, reviewing, and improving information security.

2. Managing the Information Security

2.1. Commitment to Satisfying Applicable Requirements

Our commitment to the delivery of Information Security extends to Top Management levels of the organization and will be demonstrated through the approval of this Information Security Management System Policy and the provision of appropriate resources to establish, manage, and develop the ISMS.

Top Management will also ensure that a systematic review of the program’s performance is conducted on a regular basis to ensure that quality objectives are being met, and quality issues are identified through the audit program and management processes. Management Review of the ISMS shall be conducted at least once a year.

The Information Security Officer (ISO) shall have overall authority and responsibility for the implementation and management of the Information Security Management System.

The ISO shall be specifically responsible for:

• The identification, documentation, and fulfillment of information security requirements.
• Implementation, management, and improvement of risk management processes.
• Integration of processes.
• Compliance with statutory, regulatory, and contractual requirements.
• Reporting to top management on performance and improvement.

2.2. Framework for Setting Objectives and Policy

Objectives for the ISMS align with organizational strategy and are reviewed regularly. Compliance with ISO/IEC 27001:2022 ensures adoption of appropriate controls.

2.3. Continual Improvement of the ISMS

• Improve ISMS effectiveness.
• Maintain ISO/IEC 27001:2022 certification.
• Enhance stakeholder perception of proactivity in information security.
• Review metrics annually for improvements.

2.4. Policy Communication

The ISO ensures all employees and external parties are familiar with the policy.

3. Support for ISMS Implementation

The COO declares support for ISMS implementation with adequate resources to meet objectives and requirements.

4. Validity and Document Management

This document is valid as of November 2nd, 2024.