All users covered by the scope of this policy must handle information appropriately and in accordance with its classification level.
Information will be protected against unauthorized access and processing in accordance with its classification level.
Breaches of this policy must be reported.
Information security provision and the policies that guide it will be regularly reviewed, including through the use of annual internal audits and penetration testing.
Protection to information and assets against unauthorized access by deploying adequate security controls covering logical and personnel security.
Continuity of operations in line with business requirements and obligations to its stakeholders.
Inclusion of security responsibilities of various departments/individuals to adhere to this Policy.
Adequate security awareness and competence among associates at all levels to fulfil these responsibilities.
Governance of security performance against appropriate targets and objectives, enabling continuous improvements.