Information Security Policy
1.0. Policy Objective
1.0. To protect the information assets that Katalysys Ltd (“Katalysys”) handles, stores, exchanges, processes and has access to, and to ensure the ongoing maintenance of their confidentiality, integrity and availability.
1.1. To ensure controls are implemented that provide protection for information assets and are proportionate to their value and the threats to which they are exposed.
1.2. To ensure the organisation complies with all relevant legal, customer and other third-party requirements relating to information security.
1.3. To continually improve the organisation’s Information Security Management System (ISMS) and its ability to withstand threats that could potentially compromise information security.
2.0. Scope
2.0. This policy and its sub-policies apply to all people, processes, services, technology and assets detailed in the Scope. It also applies to all employees or subcontractors of information security critical suppliers who access or process any of the organisation’s information assets.
3.0. Core Policy
3.0. The organisation believes that despite the presence of threats to the security of such information, all security incidents are preventable.
3.1. The Managing Directors of Katalysys are committed to achieving the objectives detailed in the policy through the following means:
3.1.1. The implementation and maintenance of an ISMS that is independently certified as compliant with ISO 27001:2022;
3.1.2. The systematic identification of security threats and the application of a risk assessment procedure that will identify and implement appropriate control measures;
3.1.3. Regular monitoring of security threats and the testing/auditing of the effectiveness of control measures;
3.1.4. The maintenance of a risk treatment plan that is focused on eliminating or reducing security threats;
3.1.5. The maintenance and regular testing of a Business Continuity Plan;
3.1.6. The clear definition of responsibilities for implementing the ISMS;
3.1.7. The provision of appropriate information, instruction and training so that all employees are aware of their responsibilities and legal duties, and can support the implementation of the ISMS;
3.1.8. The implementation and maintenance of the sub-policies detailed in this policy.
3.2. The appropriateness and effectiveness of this policy, and the means identified within it, for delivering the organisation’s commitments will be regularly reviewed by Top Management.
3.3. The implementation of this policy and the supporting sub-policies and procedures is fundamental to the success of the organisation’s business and must be supported by all employees and contractors who have an impact on information security as an integral part of their daily work.
3.4. All information security incidents must be reported to the Information Security Manager (“ISM”). Violations of this policy may be subject to the organisation’s Disciplinary and Appeals Policy and Procedure.
Signed on behalf of the Board of Directors:
Alvin Abraham
Position: CEO Date: 17-Sep-2024
4.0. Sub-policy index
5.0. Responsibilities
6.0. Definitions
7.0. Associated Documents
8.0. Acceptable Use of Assets Policy
9.0. Access Control Policy
10.0. Backup Policy
11.0. Clear Desk and Clear Screen Policy
12.0. Communication Policy
13.0. Cryptographic Controls Policy
14.0. Information Classification, Labelling and Handling Policy
15.0. Mobile Devices Policy
16.0. Physical and Environmental Security Policy
17.0. Protection from Malware Policy
18.0. Protection of Personal Information Policy
19.0. Suppliers Policy
20.0. Remote Working Policy
21.0. Use of Intellectual Property Policy
22.0. Use of Software Policy
23.0. Threat Intelligence Policy
24.0. Configuration Management Policy
25.0. Operational Controls Policy
26.0. Policy Review