Our Information Security Policy

 

  • Ensuring that an information security management system is established and improved continuously for the purpose of ensuring the confidentiality, integrity of the information assets and data and, accessibility of such assets and data by the authorized persons, if and when so required;

  • Meeting the expectations of all internal and external stakeholders for the purpose of ensuring the achievement of the information security management system;

  • Fulfilling the information security-related requirements as prescribed by the statutory regulations, international industry standards and contractual obligations;

  • Identifying the threats to the information assets, assessing the risks and taking the actions with respect to such risks, and ensuring the necessary protection;

  • Ensuring that all accesses are granted in compliance with the principle of least privilege and segregation of duties in line with the requirements of the class of information;

  • Monitoring the risks on continuous basis by considering the technological expectations within the context of the scope of the service being provided, and setting out the operating principles for the processing of the risks;

  • Making contribution to the continuity and sustainability of the business by reducing the impact of the information security threats on the business / service continuity;

  • Ensuring to have a competence that could respond effectively and quickly to the potential information security incidents, which might occur, and minimize the impacts of the incidents;

  • Enhancing the reputation of the entity, and protect the entity against any negative impact that might arise from the security information failures;

  • Determining the security requirements with respect to the products and services procured from the suppliers, analyzing the risks and documenting all security-related expectations in the agreement, and taking the necessary actions by monitoring the supplier management process on continuous basis;

  • Carrying out activities for the purpose of raising the information security awareness of all stakeholders.

Our Service Management Policy

 

    • Fulfilling the service level requirements as specified in the statutory regulations, international industry standards and contractual obligations;

    • Meeting the expectations of all internal and external stakeholders for the purpose of ensuring the achievement of the Service Management System;

    • Making available the current versions of the service catalogs to the access by the customers;

    • Ensuring that a Service Management System is established and improved continuously for the purpose of enhancing the quality of the services offered and running the processes in a standardized, effective and productive manner;

    • Raising the level of awareness by promoting the participation of all stakeholders, including the managerial staff, in the Service Management System;

    • Establishing the service management plan to meet all regulatory and contractual requirements and the expectations of the stakeholders optimally with the minimum cost, and updating such plan on continuous basis;

    • Establishing risk management system to include the services and the processes, whereby such services are provided, internally, and running such system and ensuring that it is reviewed within regular intervals;

    • Monitoring the cost and revenues of the services on continuous basis and ensuring an effective budget management through the performance of resource planning for the purpose of providing service;

    • Monitoring the processes, whereby the services are provided, on continuous basis, enhancing the performance of such processes;

    • Increasing the satisfaction by handling the customer complaints through quick and effective solutions.

      Our Business Continuity Policy

       

        • Ensuring, primarily, life safety in case of an emergency as part of Business Continuity;

        • Fulfilling the requirements for the business continuity levels as specified in the statutory regulations, international industry standards and contractual obligations;

        • Drawing up the business continuity plans by taking into account the expectations of all internal and external stakeholders, corporate policies and statutory obligations;

        • Ensuring the human security and the security of the assets of the customers and the entity in case of an emergency, and keeping the negative impact of such emergency on the operations and services at the lowest level by reducing interruption of the business continuity to minimum;

        • Assessing the extent of a Disaster/Crisis/Incident in the fastest and most accurate manner, and ensuring that the necessary actions are taken rapidly;

        • Improving the Business Continuity Policy on continuous basis in accordance with the international standards;

        • Monitoring and reporting the effectiveness of the Business Continuity Management System by means of the drills conducted within regular intervals, and carrying out the improvement activities as based on the results of such drills;

        • Managing the internal and external communication in respect of Business Continuity topics, and ensuring that such communications are up-to-date;

        • Responding swiftly so as to prevent that a minor incident scales up to more severe levels;

        • Ensuring recovery as based on the recovery priorities and the restoration of the most critical services at first for the purpose of ensuring the timely restart of the services and maintaining the data integrity;

        • Ensuring that the potential risks such as the natural disaster, technological failures, human error and such other incidents are prevented or minimized as part of the business continuity management system;

        • Activating the crisis communication plan, if and when so required, for the purpose of protecting the reputation of the organization and minimizing the financial losses.