Information Security Policy

Last Updated: April 1, 2024

Purpose

The success of Sigma’s business depends on protecting the business information of the organization and its customers. To fulfill this strategic business objective, Sigma has established an Information Security Management System.

Policy Statement

The Director, the Senior Management Team and all employees are committed to adhering to, and continually improving, the Information Security Management System in accordance with its strategic business objectives.

ISMS Objectives

The objectives of the ISMS are:

  • Information is only accessible to authorized persons – internal or external.
  • Confidentiality, Integrity, and Availability of Information for meeting all Business requirements shall be ensured.
  • Business Continuity plans are established, planned, and tested.
  • Information security awareness shall be enhanced among all the staff and relevant external parties.
  • All breaches of information security, actual or suspected, shall be reported to the CISO and investigated by the Information Security Steering Committee.
  • The applicable regulatory and legislative requirements are fulfilled.
  • Information Security Risk Assessment shall be performed periodically, and information security controls shall be implemented to mitigate the identified risks.
  • All critical infrastructure and applications are subjected to Vulnerability Assessment and Penetration Testing periodically.
  • PII is protected and privacy controls are managed as per applicable regulation.

The management at Sigma ensures that this policy is communicated, understood, implemented, and maintained at all levels of the organization. The policy shall be monitored annually for compliance and will be amended, if necessary. This policy has been approved by the Board of Directors at Sigma.