- All users covered by the scope of this policy must handle information appropriately and in accordance with its classification level.
- Information will be protected against unauthorized access and processing in accordance with its classification level.
- Breaches of this policy must be reported.
- Information security provision and the policies that guide it will be regularly reviewed, including through the use of annual internal audits and penetration testing.
- Protection to information and assets against unauthorized access by deploying adequate security controls covering logical and personnel security.
- Continuity of operations in line with business requirements and obligations to its stakeholders.
- Inclusion of security responsibilities of various departments/individuals to adhere to this Policy.
- Adequate security awareness and competence among associates at all levels to fulfil these responsibilities.
- Governance of security performance against appropriate targets and objectives, enabling continuous improvements.