The purpose of this policy is to protect information and information assets from all threats, whether internal or external, deliberate or accidental, through the establishment, implementation, execution, supervision, review, maintenance and improvement Information Security Management System with the scope of software development services, along with the ISO/IEC 27001: 2013 and ISO/IEC 27002: 2013 standards.
Softray Solutions recognizes that the disciplines of confidentiality, integrity, and availability in the Information Security Management System are integral parts of its management function. The management od Softray Solutions views these as primary responsibilities and fundamental to the best business practice of adopting appropriate information security controls.
Softray Solutions' Information security policy seeks to operate to the highest standards continuously, including continual improvement, through annual internal review and management review.
Our information security objectives are:
Responsibility for creating and reviewing this policy is under the guidance of Softray Solutions management. The Information Security Manager facilitates the implementation of this policy through the appropriate standards and procedures. All employees and contracted suppliers follow the procedures to maintain the information security policy. All employees have responsibility for reporting security incidents and any identified weaknesses. Any deliberate act to jeopardize the security of information that is the property of Softray Solutions or their customer or suppliers will be subject to disciplinary and/or legal action as appropriate.
The policy is reviewed annually and in case of influencing changes to ensure it remains appropriate for the business and our ability to serve our customers.