13.08.2025.

The purpose of this policy is to protect information and information assets from all threats, whether internal or external, deliberate or accidental, through the establishment, implementation, supervision, review, maintenance, and continual improvement of the Information Security Management System (ISMS). The scope of our ISMS covers software development services, aligned with the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards. 

Softray Solutions recognizes that confidentiality, integrity, and availability are fundamental principles of information security and essential to the success of our business operations. The management of Softray Solutions regards these as core responsibilities and integral to the company’s long-term growth and the trust of our customers, employees, and partners. 

Through this policy, Softray Solutions is committed to operating at the highest standards of information security. We achieve this by maintaining compliance with legal, regulatory, and contractual obligations, continually improving our risk management processes, implementing effective security controls, and embedding security awareness into the culture of our organization. 

Our information security objectives are: 

• Comply with all applicable legal, regulatory, and contractual requirements; 

• Conduct ongoing risk assessments and implement effective risk treatment strategies; 

• Continually improve the ISMS through regular reviews, audits, and corrective actions; 

• Communicate information security objectives and performance across the organization and to relevant stakeholders; 

• Ensure that all employees are trained and aware of their responsibilities in protecting information; 

• Collaborate with customers, business partners, and suppliers to maintain high security standards; 

• Monitor, report, and respond effectively to security incidents and weaknesses; 

• Adopt a proactive approach to risk evaluation, considering potential impacts of future business decisions on information security; 

• Strive to meet and, where possible, exceed the expectations of our customers, partners, and employees. 
  
  

Responsibility for this policy rests with the management of Softray Solutions, supported by the Information Security Manager, who ensures that appropriate standards, procedures, and controls are implemented. Every employee and contracted supplier has a duty to follow these procedures, report incidents or weaknesses, and contribute to the continuous improvement of our ISMS. 

This policy is reviewed annually, or whenever significant changes occur, to ensure its continued suitability, adequacy, and effectiveness in protecting information and supporting the strategic goals of Softray Solutions.