Information Security Policy

03.08.2021

The purpose of this policy is to protect information and information assets from all threats, whether internal or external, deliberate or accidental, through the establishment, implementation, execution, supervision, review, maintenance and improvement Information Security Management System with the scope of software development services, along with the ISO/IEC 27001: 2013 and ISO/IEC 27002: 2013 standards.

Softray Solutions recognizes that the disciplines of confidentiality, integrity, and availability in the Information Security Management System are integral parts of its management function. The management od Softray Solutions views these as primary responsibilities and fundamental to the best business practice of adopting appropriate information security controls.

Softray Solutions' Information security policy seeks to operate to the highest standards continuously, including continual improvement, through annual internal review and management review.

Our information security objectives are:

• Comply with all applicable laws and regulations and contractual obligations;
• Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making the best use of its management resources to better meet information security requirements;
• Communicate its Information security objectives, and its performance in achieving these objectives, throughout the company, and to interested parties;
• Adopt an Information Security Management System comprising security manual with security policies and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers, and other interested parties;
• Work closely with its customers, business partners, and suppliers in seeking to establish appropriate information security standards;
• Defining the monitoring procedure and reporting on important aspects of information security;
• Implement Incident prevention for information security, ie. all breaches of information security and suspected weaknesses are reported and investigated;
• Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on information security;
• Train all employees in the roles and responsibilities in information security management;
• Constantly strive to meet, and where possible exceed, its customer's and employees' expectations.

Responsibility for creating and reviewing this policy is under the guidance of Softray Solutions management. The Information Security Manager facilitates the implementation of this policy through the appropriate standards and procedures. All employees and contracted suppliers follow the procedures to maintain the information security policy. All employees have responsibility for reporting security incidents and any identified weaknesses. Any deliberate act to jeopardize the security of information that is the property of Softray Solutions or their customer or suppliers will be subject to disciplinary and/or legal action as appropriate.

The policy is reviewed annually and in case of influencing changes to ensure it remains appropriate for the business and our ability to serve our customers.