Information Security Policy

The aim of this policy is to define the purpose, direction, principles and basic rules for information security management.

This involves the systematic approach to managing company information so that it remains secure (maintain confidentiality, integrity and availability).

This policy applies to all information, information systems, networks, applications, locations and users of Datasec or supplied under contract to it.

Datasec goals and objectives for information security are aligned with its strategic objectives and
are follows:

Ensure information confidentiality: Restricting data only to those who need access to it.

    • Ensure information integrity: Making sure that the data in an Datasec’s possession is
      accurate, reliable and secured against unauthorized changes, tampering, destruction or
      loss.
    • Ensure availability of information and information processing systems: Provide secure and
      uninterrupted service to customers.
    • Enhance operational efficiency: Ensure that the information security measures adopted do
      not hinder but enhance Datasec’s capacity to provide services.
    • Cost Effectiveness: Ensure that the security measures Datasec chooses to deploy against
      risk are justifiable when measured against the cost of risk being mitigated.
    • Ensure compliance with information security requirements from clients, laws and
      regulations
    • Determine and allocate the resources necessary for the establishment, implementation,
      maintenance and continual improvement of the security management system.
    • Develop and implement a methodology to perform risk assessment and risk treatment.
    • Ensure that nonconformities are corrected, consequences dealt with, root cause
      investigated and dealt with appropriately.
    • Evaluate performance of the information security management system and continually
      improve it to ensure its continuing suitability, adequacy and effectiveness.
 

Leverage agile frameworks to provide a robust synopsis for high level overviews. Iterative approaches to corporate strategy foster collaborative thinking to further the overall value proposition. Impress clients new and existing with elite construction brochures. Impress clients new and existing with elite construction.

Exceptions against individual controls in specific policy domains shall be formally documented, which will include, at a minimum, the following:

  • Justification for the exception;
  • Risk due to the exception;
  • The mitigation controls to manage the risk;
  • The plan of action to manage the risk; and
  • The validity period of the exception.

Any Queries?

    Let's Talk

    Speak With Our Consultant

    Email: info@datasec.co.ke
    Phone: +254 752 602 000/ 0704 522 699
    Location: Forest View Mall 4th Floor, Ngong Road