INFORMATION SECURITY POLICY v1.0
1.1 Purpose and Context
The purpose of this policy is to set out the information security policies that apply to Centrix to protect the confidentiality, integrity, and availability of data. It supports ISO/IEC 27001:2022 control Annex A5.1 – Policies for information security. This policy applies to all Centrix personnel, contractors and relevant third parties.
1.2 Principle
Information security is managed based on risk, legal and regulatory requirements, and business needs.
1.3 CEO Statement of Commitment
“As a company, we recognise the critical importance of information security in protecting our clients, partners, and stakeholders. We are committed to ensuring that information security remains a fundamental part of our business operations and corporate culture. This commitment extends to all employees, contractors, and stakeholders who are responsible for adhering to our security policies, procedures, and controls. We fully support the implementation and continual improvement of our ISMS and expect all personnel to contribute to maintaining the highest standards of information security.
Centrix Solutions is committed to satisfying applicable legal, contractual, regulatory and stakeholder information security requirements and continually improving the effectiveness of the Information Security Management System”.
Eddie Mahdi, CEO
1.4 Introduction
Information Security Management System (ISMS) protects the information that is entrusted to us.
Getting information security wrong can have significant adverse impacts on our employees, our customers, our reputation, and our finances.
1.5 Scope of the Information Security Management System
The ISMS scope includes the provision of managed IT services by Centrix Solutions, including network security, cloud service delivery, incident response, vulnerability management and business continuity activities, and covers the information, people, processes, and supporting technologies required to deliver these services.
1.6 Information Security Objectives
Centrix’s Information Security objectives are as per the below. These objectives are reviewed during Management Review meetings and monitored through the ISMS Monitoring and Measurement Plan in accordance with ISO 27001 Clause 6.2. See Planning to achieve these Objectives in POL002.
Maintain the confidentiality, integrity and availability of information, with zero data breaches
Maintain compliance with ISO 27001 and legal/regulatory requirements
Implement and maintain an effective risk management framework and control environment
Measure, monitor and report on the effectiveness of information security controls
Promote and maintain a high level of employee security awareness and behaviour
1.7 Policy Review and Update
This policy will be reviewed every 12 months at executive strategic planning sessions or as needed to ensure its continued relevance and effectiveness.
Updates will be made to reflect changes in Centrix’s environment, technology, or legal and regulatory requirements.
All changes to this policy will be communicated to relevant stakeholders.
Non-compliance with this policy may result in disciplinary actions as per organizational procedures.