Information security risks may cause a severe impact on the entire organization in the events such risks materialize, which could lead to losing client trust, image, goodwill, and legal liability among other undesirable outcomes. Consequently, building a policy that does not only cover the desired information security requirements but also defines other aspects such as: the objectives of the information security, ownership of the policy and delegation of duties will help in managing and responding to information security incidents and breaches properly.
- The policy applies to all information created, processed, stored or received in DAMAMAX datacenter.
- This policy forms the basis of DAMAMAX Information Security Management System (ISMS) of related policies and procedures, based on the International Standard 27001, taking a risk-based approach to embed appropriate levels of information security controls and countermeasures.
- Policy Statement
It is the policy of DAMAMAX to ensure that appropriate controls and countermeasures are in place to safeguard the confidentiality, integrity and availability of corporate and customer data, as well as the information systems processing the data, and services and equipment of DAMAMAX. The purpose of the policy is to protect DAMAMAX’s information assets from all threats, whether internal or external, deliberate or accidental.
- DAMAMAX is committed to protect its information assets, personnel, intellectual property, computer systems, data, and equipment from all threats, whether internal or external, deliberate or accidental, in a cost-effective manner. This should be achieved with minimum inconvenience to authorized users and against threats to the level of service required by DAMAMAX to conduct its business.
- DAMAMAX shall adopt ISO 27001 Information Security Management System (ISMS) and PCI DSS as a standards to implement a formal system for protecting the confidentiality, integrity and availability of information.
- DAMAMAX is committed to comply with regulatory and legislative requirements.
- DAMAMAX is committed to satisfy the expectations and requirements of interested parties, and to provide the necessary resources to achieve this.
- DAMAMAX is committed to encouraging information security improvements by engaging with its personnel, providing them with information security training and awareness, and enhancing their competences.
- Information security should be aligned with DAMAMAX’s strategic direction and business objectives.
- Information security risks shall be managed based on DAMAMAX’s Risk Management Methodology.
- DAMAMAX is committed to continually improve its ISMS and information security posture.
- DAMAMAX is committed to treat and resolve security incidents and suspected vulnerabilities commensurate with their respective nature.
- Objectives relating to information security performance will be set then monitored and reviewed by the ISMS Steering Committee (ISMS-SC).
- DAMAMAX will continually review this policy and its information security performance to ensure it improves over time.
- All Managers are directly responsible for implementing this ISMS Policy, and for ensuring staff compliance in their respective departments.
- This policy is available to all DAMAMAX personnel and relevant interested parties. All DAMAMAX personnel are made aware of its commitment and the contents of this policy.
- Compliance Statement
Compliance with this policy and all other supporting policies, standards, and procedures is mandatory for all staff and third-parties. Violation of this policy or any other IS policies, standards, or procedures will result in corrective action by management. Disciplinary action will be commensurate with the severity of the violation, as determined by an investigation, and as deemed appropriate by management.