Information System Security Policy | Cherat Cement

Information System Security Policy

OBJECTIVE

The objective of Information Security is to ensure continuity of business of the company and to minimize business damage by preventing and limiting the impact of security incidents.

POLICY

  1. The purpose of the Policy is to protect Company information assets from all threats, whether internal or external, deliberate or accidental. These assets relate to information stored and processed electronically.
  2. It is the Policy of the Company to ensure that:
    • Information will be protected against unauthorized access.
    • Confidentiality of information will be assured by protection from unauthorized disclosure or intelligible interruption.
    • Integrity of information (its accuracy and completeness) will be maintained by protecting against unauthorized modification.
    • Regulatory and legislative requirements will be met, including record keeping, according to Information Security Management System standard.
    • Disaster Recovery Plans will be produced, maintained and tested, to ensure that information and vital services are available to Company when needed.
    • Information on security matters will be made available to all staff.
    • All breaches of information security, actual or suspected, will be reported to and investigated by the Information Security Officer / Internal Audit.
  1. Standards will be produced to support the policy. These standards will include regulations, guidelines and procedures covering matters such as (not limited to) data security, backup, virus control and passwords.
  2. Business requirements for the available of information and information system will be met.
  3. The role and responsibility for managing information security will be assigned to a designated Information Security Officer/Internal Audit.
  4. The information Security Officer/Internal Audit will be responsible for maintaining the Policy and providing advice and guidance on its implementation.
  5. All managers are responsible for implementing the Policy within their business areas, and for adherence by their staff.
  6. It is responsibility of each employee to adhere to the Policy.