Last Updated: February 11, 2024
ZEMBLE is a company dedicated to developing a platform for processes management (claims, complaints, clarifications, and others related). It has been decided to implement an Information Security Management System based on ISO 27001 to preserve the confidentiality, integrity, and availability of information.
The Top Management is aware that the information is a highly valued asset that requires suitable protection.
Purpose and Scope
1. This information security policy states principles, rules for information security management within ClaimSpace.
2. This policy applies to all users of information systems within the organisation. Including employees and contractors, as well as any external parties that come into contact with systems and information controlled by the organization (hereinafter referred to as “users”). This policy must be made readily available to all users.
3. This policy states defines the high-level commitments, objectives definition and implementation strategy to achieve ClaimSpace’s Information Security goals and objectives.
4. Within this document, the following definitions apply:
Confidentiality: a characteristic of information or information systems in which such information or systems are only available to authorized entities.
Integrity: a characteristic of information or information systems in which such information or systems may only be changed by authorized entities, and in an approved manner.
Availability: a characteristic of information or information systems in which such information or systems can be accessed by authorized entities whenever needed.
Information Security: the act of preserving the confidentiality, integrity, and availability of information and information systems.
Information Security Management System (ISMS): the overall management process that includes the planning, implementation, maintenance, review, and improvement of information security.
5. Information Security Management System (ISMS): the overall management process that includes the planning, implementation, maintenance, review, and improvement of information security.
Policy
The information security principles are established as follows:
- The protection of personal data and privacy.
- The safeguarding of the organisation's records.
- The protection of intellectual property rights.
- The education and training for information security.
- The registration of security incidences.
- The business continuity management.
The above is achieved through the Information Security Management System, and the following commitments are made:
- The organization’s objectives for information security are in line with the organisation’s business objectives, strategy, and plans.
- To develop services and products in compliance with legal requirements.
- To establish and comply with the contractual requirements with third parties.
- Prevention of threats and detection of vulnerabilities through the development of processes and the establishment of contractual agreements with specialized vendors.
- Business continuity management, through continuity plans.
- Adequate and responsive management of incidents.
- Establishment of the consequences in the case of security policy violations, which will be reflected in the contracts signed with the interested parties.
- To act at all times within the strictest professional ethics.
- To take into account the Continous Improvement as a paramount compromise to be followed by Claimspace.