Appzone recognizes at senior levels the need to ensure that its business operates smoothly in the face of security breaches and unwanted events for the benefit of its customers, shareholders, and other stakeholders. To provide such a level of confidentiality, integrity and availability of information, Appzone has implemented and integrated an Information Security Management System (ISMS) with existing management systems in line with the International Standard for Information Security, ISO 27001. Through the operation of this ISMS, AppZone is committed to:
Setting Information Security objectives
- Defining a framework for setting high-level objectives for information security that are fundamental to the nature of the business.
- Ensuring that defined ISMS objectives guide the setting of lower level, more short-term objectives for information security planning within an annual cycle timed to coincide with organizational budget planning.
- Ensuring that adequate funding is obtained for the improvement activities identified within the ISMS.
- Ensuring that Information Security objectives are documented in the Integrated Management System Plan for the relevant financial year, together with details of a plan for how they will be achieved.
- Ensuring that the Integrated Management System Plan is reviewed on a quarterly basis as part of the management review process, at which time the objectives will also be reviewed to ensure that they remain valid. If amendments are required, these will be managed through the change management process.
Top Management Leadership and Commitment
- AppZone’s commitment to the Information Security Management systems extends to senior levels of the organization and will be demonstrated through this Information Security Policy and the provision of appropriate resources to provide and develop the Information Security Management Systems and associated controls.
- AppZone top management will also ensure that a systematic review of the performance of the programme is conducted on a regular basis to ensure that objectives are being met and issues are identified through the audit programme and management review processes.
Roles and Responsibilities
- AppZone management has appointed ISMS Managers with the overall authority and responsibility for the implementation and management of the Information Security Management System to ensure the success of the ISMS and protect the business from risk.
- Appzone is committed to continually improving the effectiveness of the Information Security Management System across all areas within scope.
- Enhance current processes to bring them in line with good practice as defined within ISO 27001
- Achieve ISO 27001 certification and maintain it on an on-going basis
- Increase the level of proactivity (and the stakeholder perception of proactivity) regarding the ongoing management of the ISMS.
- Achieve an enhanced understanding of and relationship with the business units to which the ISMS applies
- Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
- Obtain ideas for improvement via regular review meetings with stakeholders and document them in a Continual Improvement Log
- Review the Continual Improvement Log at regular management meetings in order to prioritize and assess timescales and benefits
Our ISO 27001 Information Security Management Systems (ISMS) Objectives
- Provide 85% assurance of information systems resilience.
- Protect 100% of client confidential information
- Protect 100% of critical information assets and critical business processes relative to Appzone core business.
- Ensure 90% compliance with Appzone, contractual, regulatory and legal requirements and reduce regulatory sanctions/penalties
- Improve security-awareness culture for 80% of employees.
Realization of the following business benefits
- Protection of revenue streams and company profitability
- Ensuring the continuous service delivery to customers
- Compliance with legal and regulatory requirements
- To reduce the impact and cost of disruption
- To ensure protection and safety of employees and company assets
- To provide assurance to our customers, partners, and other stakeholders