Purpose Information security threats are a risk that has a very high impact on the entire organization. Consequently, building a policy that covers the desired information security requirements and defines other aspects such as the objectives of the information security, ownership of the policy, and delegation of duties will help manage and respond to information security incidents properly.
Scope The policy applies to all information created or received in HyperPay. This policy forms the basis of the HyperPay Information Security Management System (ISMS) and Privacy Information Management System (PIMS) of related policies and procedures, based on the International Standard 27001 and ISO 27701, taking a risk-based approach to embed embedding appropriate levels of information security controls and countermeasures.
Compliance Compliance with this document is mandatory, HyperPay managers shall ensure continuous compliance monitoring within their departments. Compliance with the statements of this document is a matter of annual review by the Cybersecurity Function. Any violation will result in disciplinary action by Human Resources.
Disciplinary action will be depending on the severity of the violation which will be determined by the investigations. Actions such as termination or others as deemed appropriate by HyperPay Management and escalate to HR Department.
Policy Statement It is the policy of HyperPay to ensure that appropriate controls and countermeasures are put in place to protect corporate and personnel data, as well as the information technology systems, and services, and equipment of HyperPay. a. HyperPay is committed to protecting its information assets, personnel, intellectual property, computer systems, data, and equipment from all threats, whether internal or external, deliberate, or accidental, this should be achieved with minimum inconvenience to authorized users and against threats to the level of service required by the HyperPay to conduct its business. b. HyperPay shall adopt ISO 27001, ISO 27701 Information Security Management System (ISMS), and Privacy Information Management System (PIMS) as a tool to implement a formal system for protecting the confidentiality, integrity, and availability of information. c. HyperPay is committed to complying with all regulatory and legislative requirements imposed on the organization by governmental authorities. d. HyperPay is committed to satisfying the information security expectations and requirements of interested parties, and to provide providing the necessary resources to achieve this. e. Information security risks are being managed based on HyperPay ’s approved risk management Framework. f. HyperPay is committed to treating security incidents and suspected vulnerabilities per their respective nature. g. Information security objectives will be defined based on the implemented risk assessment and will be monitored and reviewed by the privacy and Information Security Management System Steering Committee. h. HyperPay is committed to continually improve improving its ISMS and PIMS through the implementation of the Plan–Do–Check–Act cycle.