1. Purpose
This policy aims to define and establish a framework for ensuring cybersecurity compliance within our organization.
2. Scope
This policy applies to all employees, contractors, vendors, and third parties who interact with the organization’s information systems and assets.
3. Roles and Responsibilities
• CISO: responsible for setting the organization’s strategic direction for cybersecurity compliance. The CISO must allocate adequate resources to ensure compliance with cybersecurity requirements and ensure that compliance is integrated with organizational objectives.
• The Information Security Team: responsible for identifying and tracking relevant national legislative and regulatory requirements and locally accredited international/cross-border requirements.
• Employees and authorized users: responsible for understanding and complying with cybersecurity requirements as outlined in this policy. They must report any potential compliance violations or security concerns promptly to the Information Security Team or designated authorities.
4. Policy Statements
BMB has been committed to providing the best technology solutions and services including professional services, consulting services and managed services since 1997.
We at BMB have an ethical, legal and professional duty to ensure that the information we hold conforms to the principles of confidentiality, integrity, and availability.
We ensure that the information we hold or are responsible for is safeguarded where necessary against inappropriate disclosure; is accurate, timely and attributable; and is available to those authorized to access it.
This Information Security Policy provides the framework by which we take account of these principles and establish our information security objectives.
This policy’s primary purpose is to enable all BMB staff and stakeholders to understand both their legal and ethical responsibilities concerning information and empower them to collect, use, store and distribute it in an appropriate manner.
We at BMB are committed to a robust implementation of our Information Security Management System and its continual improvement.
The principles defined in this policy will be applied to all the physical and electronic information assets for which BMB is responsible.
The purpose of our Information Security Management System is as follows:
• Provide a framework for establishing suitable levels of information security objectives and levels of security controls for all BMB information systems (including but not limited to all computers, mobile devices, networking equipment, software, and data) and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of these systems.
• Provide the resources required to manage our Information Security Management System.
• Make certain that users are aware of and comply with all current and relevant legal and other requirements.
• Respond to feedback and updates appropriately and efficiently.
5. Update and Review
The IMS Administrator must review the policy at least once a year, or whenever changes occur to the policy, the regulatory procedures in BMB, or the relevant regulatory requirements.
6. Compliance
1. The IMS Administrator function will ensure the compliance of BMB with this policy on a regular basis.
2. All personnel at BMB must comply with this policy.
3. Any violation of this policy may be subject to disciplinary action according to BMB’s procedures.
