KLOUDSER TECHNOLOGY INC. INFORMATION SECURITY POLICY
Purpose
This policy is established to ensure the protection of Kloudser Technology Inc.'s information assets in accordance with the principles of confidentiality, integrity, and availability, to minimize risks, and to ensure the continuous improvement of the information security management system (ISMS) in compliance with the ISO/IEC 27001:2022 standard.
Scope
This policy covers all information assets related to Kloudser Technology's activities in computer programming, including coding of systems, databases, networks, web pages, and other software, custom software development for clients, and desktop and mobile application development.
Information Security Objectives
- Ensure the confidentiality, integrity, and availability of all information assets of Kloudser Technology.
- Identify and mitigate risks to information assets.
- Protect against unauthorized access, data breaches, and cyber-attacks.
- Comply with existing legal and regulatory requirements.
- Increase employee awareness of information security and conduct ongoing training.
Responsibilities
- All employees are responsible for complying with information security policies and procedures.
- The Information Security Management Team is responsible for monitoring and improving the effectiveness of the ISMS.
- The IT team is responsible for implementing technical measures to ensure the security of systems and data assets.
Risk Management
- Information security risks will be regularly assessed, and preventive and corrective actions will be taken.
- Suppliers and external service providers will be required to comply with information security standards.
- Emergency plans will be developed and tested for information security breaches and incidents.
Information Security Controls
- Access control and authentication mechanisms will be implemented.
- Data encryption techniques will be used to protect sensitive information.
- Security patches and software updates will be applied regularly.
- Employees will receive information security training, and awareness campaigns will be conducted.
Compliance and Audits
- Regular internal and external audits will be conducted to ensure compliance with the ISO/IEC 27001:2022 standard.
- Information security policies and procedures will be periodically reviewed and updated.
- Legal and regulatory compliance will be ensured by adhering to all relevant regulations.
Policy Updates
This policy has been approved by management and will be reviewed annually and updated if necessary.