Information Security and Privacy Statement
DEFEND has a critical role in supporting the customers and safeguarding their assets. It is therefore vital that we acknowledge the dual role of protecting the confidentiality, integrity, availability and privacy of DEFEND’s and customers assets from threats.
In our interactions with our partners and customers we will be exposed to a range of different operating environments and constraints as well as regulatory and compliance requirements. While we need to understand and support these, we must also uphold our internal policies, standards, and procedure to manage the risk exposure to DEFEND.
What does this mean to DEFEND?
Protecting Assets – The protection of DEFEND’s and customers assets is vital to the success of our business. We have established an Information Security Management System (ISMS) in accordance with the ISO 27001:2022 standard and a Privacy Information Management System in accordance with the ISO 27701:2019 standard. These systems operate all the processes required to identify and protect information assets.
Information Security and Privacy Framework – The information security and privacy requirements in the Information Security and Privacy Framework encompass business processes, people, and technology and are guided by our policies, standards, and procedures to ensure governance, compliance, and continuous improvement.
Continuous Improvement – We are aware that our management systems must be continually changed and improved to meet our business needs. In this regard, we are continually setting new objectives, regularly reviewing our processes, and striving to improve and strengthen our information security and privacy posture on everything we do.
Effective Governance – We have established a Steering Committee that provides clear direction for the implementation of the Information Security and Privacy Policy and all supporting standards and procedures throughout the organisation and implements relevant and cost-effective information security and privacy controls by:
- Providing access to information only to authorised personnel from within and outside company.
- Ensuring the confidentiality and privacy of information is maintained.
- Maintaining the integrity of information throughout the process.
- Making information assets available to authorised users when needed.
- Classifying all business and customer information as per our classification and sensitivity levels.
- Informing and training all personnel on information security and privacy, ensuring compliance with the information security and privacy policies and standards, and establishing clear statements in our Acceptable Use Policy.
- Appointing a Chief Information Security Officer and Privacy Officer who is responsible for executing the Information Security Management Systems (ISMS) and Privacy Information Management System (PIMS) at DEFEND. Information Security Manager (ISM) is responsible for actions and activities related to information security and privacy at a detailed level.
- Proactively assessing information security and privacy risks and implementing practical and cost-effective controls to mitigate identified risks.
- Handling security and privacy incidents through an efficient incident response process. This includes ensuring that all breaches of information security and privacy and suspected weakness are reported and investigated.
- Complying with applicable legal, regulatory, contractual requirements to effectively manage policy requirements.
- Continuously monitoring all information systems to detect and prevent unauthorised activities.
- Regularly reviewing our Information Security and Privacy Policy and supporting documents for their continued suitability and applicability.
Commitment – We hereby, as committed members of the DEFEND family, agree to adhere to and uphold the Information Security and Privacy Policy and supporting documents in spirit and intent and to perform our roles and responsibilities in accordance with the expectations set by the leadership team and the Steering Committee.