INFORMATION SECURITY POLICY
1. Management Statement
The Management of Narusec supports the establishment of an Information Security Management System (ISMS) that will define a security framework to be applied as a control against accidental or deliberate actions that may threaten the Company’s and its clients’ information. The scope of the ISMS covers all the Support Services offered by the Company.
The purpose of this policy is to provide the necessary direction, support and commitment from Management on applying an ISMS according to best practices for protecting the confidentiality, integrity and availability of the Company’s and its clients’ information. The framework will take into consideration the business requirements of the Company and relevant laws and regulations.
The establishment of an ISMS aims to provide a set of controls that will protect against internal and external threats, as well as intentional or accidental actions that are directed at specific information, carriers of information, or information sources.
By applying the ISMS, Narusec aims to:
- Provide the best possible effort to preserve the confidentiality, integrity and availability of all information according to its value and criticality for the Company's operation.
- Comply with all regulatory, legal and contractual requirements.
- Educate, train and improve awareness on information security for all employees.
- Report, track and investigate any actual or suspected security incidents and breaches of this Policy.
For the administration of the ISMS, the Company has appointed a Chief Information Security Officer (CISO) who works closely with the Service Delivery Manager. The Chief Information Security Officer has the authority to create and periodically modify Information Security documentation (policies, procedures, forms, etc.) that is in compliance with this policy. Such documentation will have the same scope and authority as if it were included in this document.
The preservation of Information Security is a principal responsibility of Management and a critical task. However, the everyday operation of the controls arising from this policy and concerning the secure operation of the Company is the responsibility and duty of all employees and third parties collaborating with the Company.
Narusec Management is committed to:
- Ensure that information security goals are identified and meet the Company’s requirements.
- Ensure that the ISMS is applied throughout its intended scope, in compliance with ISO/IEC 27001:2013.
- Continuously improve the ISMS according to business needs, in order to ensure a high level of effectiveness.
- Monitor through Management Reviews the completeness of the ISMS.
- Ensure the application of the ISMS according to all relevant laws, regulations and contractual requirements.
- Formulate, review, and approve information security policy.
- Provide clear direction and visible management support for security initiatives.
- Provide the resources needed for information security.
- Approve assignment of specific roles and responsibilities for information security within the Company.
- Initiate plans and programs to maintain information security awareness.