The purpose of the information security policy is to protect the confidentiality, integrity, and availability of company data. It outlines the company's commitment to achieving security objectives and protecting confidentiality, integrity and availability of information. Therefore, the top management declares that:

1. The organisation has established and documented Information security policies and procedures that provide guidance on the usage, protection, and management of all information assets.

2. Management requires all employees and contractors to apply information security and privacy in accordance with the established policies and procedures of the organization.

3. The organisation has developed and maintains the information security management system (ISMS) to ensure the proactive identification, assessment, and management of security risks.

4. The organisation provides appropriate security controls and monitoring to protect Information assets from unauthorized access, alteration, destruction, or disclosure.

5. The organisation educates and trains all personnel on the information security management system and information security policies and procedures.

6. The organisation has developed and implemented an incident response plan to address security breaches, incidents, and threats.

7. The organisation has developed and maintains an audit program to ensure compliance with information security policies and procedures.

8. The organisation monitors the effectiveness of the ISMS and takes corrective action where necessary.

9. The organisation regularly review the ISMS to ensure its ongoing effectiveness to assure continual improvement of the management system.