This policy is an aggregate of directives, regulations, rules, and practices that prescribes how Credrails manages, protects, and distributes information. It demonstrates Credrails' commitment to providing management direction and support for information security in accordance with business requirements and relevant laws and regulations.
Our systems, processes and people shall align with the PCI DSS v4.0 and ISO 27001:2013 frameworks.
Credrails management is committed to ensuring the confidentiality, integrity, availability and privacy of all information and information assets. This ensures that Credrails achieves its strategic goals, takes its interested parties into account, and complies with legal, contractual and regulatory requirements.
Credrails employees are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. They are responsible for completing their information security awareness training and for reporting information security incidents in accordance with the incident management process.
This policy covers all Credrails information and all information systems that Credrails builds, manages and/or directly supports.
1. Create an overall approach to information security.
2. Detect and preempt information security breaches such as misuse of networks, data, applications, and computer systems.
3. Maintain the reputation of the organisation, and uphold ethical and legal responsibilities.
4. Respect customer rights, including how to react to inquiries and complaints about non-compliance.
It is important to Credrails that the relationship with our suppliers is based on a clear understanding of our expectations and information security requirements.
Credrails shall strive to monitor and review services supplied to ensure the third party does not represent a significant weakness to our operations.
Information security requirements may vary according to the type of contractual relationship that exists with each supplier and the goods/services delivered.
The following will generally apply: