Information Security Policy

Last Updated: July 26, 2021

ZEMBLE is a company dedicated to developing a platform for processes management (claims, complaints, clarifications, and others related). It has been decided to implement an Information Security Management System based on ISO 27001 to preserve the confidentiality, integrity, and availability of information. 

The Top Management is aware that the information is a highly valued asset that requires suitable protection. 

Purpose and Scope

1. This information security policy states principles, rules for information security management within ClaimSpace.

2. This policy applies to all users of information systems within the organisation. Including employees and contractors, as well as any external parties that come into contact with systems and information controlled by the organization (hereinafter referred to as “users”). This policy must be made readily available to all users.

3. This policy states defines the high-level commitments, objectives definition and implementation strategy to achieve ClaimSpace’s Information Security goals and objectives.

4. Within this document, the following definitions apply:

Confidentiality: a characteristic of information or information systems in which such information or systems are only available to authorized entities.

Integrity: a characteristic of information or information systems in which such information or systems may only be changed by authorized entities, and in an approved manner.

Availability: a characteristic of information or information systems in which such information or systems can be accessed by authorized entities whenever needed.

Information Security: the act of preserving the confidentiality, integrity, and availability of information and information systems.

Information Security Management System (ISMS): the overall management process that includes the planning, implementation, maintenance, review, and improvement of information security.

Policy

The information security principles are established as follows: 

- The protection of personal data and privacy.
- The safeguarding of the organisation's records.
- The protection of intellectual property rights.
- The education and training for information security.
- The registration of security incidences. 
- The business continuity management.

The above is achieved through the Information Security Management System, and the following commitments are made:

- The organization’s objectives for information security are in line with the organisation’s business objectives, strategy, and plans.
- Objectives for individual security controls or groups of controls are proposed by the company management team, including but not limited to Chief Technology Officer, Chief Operating Officer, Compliance Officer, Security Officer, Head of Architecture, Head of Engineering, and others as appointed by the CEO; these security controls are approved by the CEO.
- All objectives must be reviewed at least once per year.
- To develop services and products in compliance with legal requirements.
- To establish and comply with the contractual requirements with third parties.
- Prevention of threats and detection of vulnerabilities through the development of processes and the establishment of contractual agreements with specialized vendors.
- Business continuity management, through continuity plans.
- Establishment of the consequences in the case of security policy violations, which will be reflected in the contracts signed with the interested parties.
- To act at all times within the strictest professional ethics.
- To take into account the Continous Improvement as a paramount compromise to be followed by Claimspace.