Security Policy
The objective of managing information
security is to ensure that its core and supporting business operations continue
to operate with minimal disruptions.
The Senior Management is committed to
an effective Information Security Management System in accordance with its
strategic business objectives.
“Sahla Enterprises commits to protect
its information assets from all threats in order to maintain the
confidentiality of information, rely upon the integrity of the information,
ensure availability of information, comply with legal, regulatory, statutory
and contractual obligations and ensure continual improvements towards
organization wide Information Security Management System”
Information Security translates to
preservation of the following goals:
1. Confidentiality: Assurance that
Information is accessible only to those authorized to have access.
2. ntegrity: Assurance of the
completeness and accuracy of Information and its processing methods; and
3. Availability: Assurance that
authorized user has access to Information and associated assets when required.
This is ensured by regular maintenance of hardware, updated and monitored
operating systems, redundant critical resources, IS business continuity
management, capacity management and other information security measures we
take.
Sahla Enterprises shall:
I.
Develop and implement an Information Security Management Systems (ISMS)
to protect organization’s information and information systems reasonably and
effectively from various internal and external threats.
II.
Commit to comply with regulatory, legal and business requirements.
III.
Ensure confidentiality, Integrity, and availability of Information
Assets.
IV.
Communicate all pertinent security policies to employees and other
interested parties as applicable.
V.
Identify the information assets, to understand their vulnerabilities and
the threats that may expose them to risk, through appropriate risk assessment.
VI.
Ensure that identified risks are mitigated through adequate controls as
documented in the risk treatment plan.
VII.
Ensure annual information security awareness training of all employees.
VIII.
Provide appropriate access controls for protection against unauthorized
access adaptability.
Sahla Enterprises
Information Security Policy is designed to provide a risk-based framework for
protecting Information Assets of Sahla Enterprises. It applies to all Sahla
Enterprises employees, contractors, and vendors