Last Updated: June 17, 2020

Information Security Policy Statement

Information Security Policy Statement

VisionX Technologies is committed to protect its information assets by deploying information security controls that minimize the impact of security incidents. The purpose of this policy is to demonstrate (a) management commitment and (b) create, maintain and continually improve information security) within the company and customer services.

This policy applies to whole VisionX by setting security objectives, management commitments, and defining roles and responsibilities.

Commitment

The leadership and management of VisionX are committed to preserve the availability, confidentiality and integrity of the physical and information assets we store, process or communicate on behalf of our staff, suppliers, clients and partners.

It is essential that our customers at any time trust us to handle their data in a correct and secure manner. This is why, security must be viewed as a part of our DNA and a prerequisite for the company to be able to function and be competitive. We strongly believe that information security is essential to maintain the company competitive edge, as well as its legal, regulatory and contractual compliance.

Policy Statement

VisionX management is committed to create, maintain and continually improve the Information Security Management System. We shall adhere to recommended ISMS practices in compliance with ISO-27001-2013, to deliver company services while fulfilling information security expectations of our customer.

  • The company shall work within the framework of the Local Government and applicable regulations, while fulfilling the contractual obligation of the client.
  • The company shall ensure is to ensure protection of its information assets from all threats – internal or external, deliberate or accidental and natural disasters.
  • Furthermore, VisionX will ensure the following:
    • All contractual requirements in products, projects, and services are fulfilled.
    • Business requirements for availability of information and systems are met.
    • Risks to all corporate assets are assessed and against all risks appropriate controls are implemented, mitigation and contingency plans are defined.
    • All corporate assets have a secure and safe environment.
    • Conducive work environment has been provided to human resource, free from accidental and occupational hazards.
    • All personnel are trained in information security practices, roles and responsibilities.

Security Objectives

VisionX aims to achieve certain information security (IS) objectives that are developed in accordance with its business objectives and the context of its operations. These IS objectives are achieved by certain controls, which addressed by VisionX policies.

Specific information security objectives are as follows:

  • Maintain the Information Security Management System in compliance to ISO-27001
  • Comply to contractual, regulatory, and legal requirements
  • Application security by design
  • 24 x 7 threat hunting
  • Business continuity
  • Security training & awareness

Risk Management

The VisionX strategic business plan and risk management framework provides the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of a security program. The risk assessment and risk treatment plan identify how information-related risks are controlled.

Information and information security requirements will continue to be aligned with company goals by management of information-related risks to acceptable levels, and is intended to be an enabling mechanism for information sharing, electronic operations, and innovation.

Roles & Responsibilities

VisionX has established a compliance team led by Information Security Officer and consists of representatives from various departments and top management. This team monitors, manages, and continually improves the information security posture of VisionX and periodically review policies. In particular this team is responsible for implementing all the requirements from this policy and reporting the performance to top management.

VisionX also has a security team that analyze organizational context to enable informed decisions and manage security related processes. This team helps to maintain business continuity and contingency plans. Control objectives for each business areas are supported by specific documented policies and procedures.

The Chief Risk Officer (CRO) is responsible for the management and maintenance of the overall risk management framework. Detailed risk assessments, where necessary, are carried out by individual departments to determine appropriate controls for specific risks.

Non-compliance Rule

Violation of the security rules may result in sanctions towards employees in accordance with HR rules and procedures. Towards business partners, suppliers, and their employees, the sanction can be imposed in accordance with signed agreements.

VisionX reserves the right to detect and investigate any external or internal attempts of unauthorized access to the company information assets or attempts to prevent its systems from functioning appropriately. VisionX will evaluate all such attempts with a view to potential police reports and legal consequences.

Improvement Path

VisionX information security policies are subject to continuous, systematic review and improvement. This policy will be reviewed at least annually or when there are significant changes to the business or risk treatment plan. Incremental reviews are performed whenever there is significant change in information services, systems, architecture, or infrastructure.

Chief Information Security Officer
& Managing Director
March 1st, 2020