Purpose

The Information Security Policy provides direction and support to management and the Information Security team, in accordance with business requirements and relevant laws and regulations, so that the company's information assets are comprehensively protected against the consequences of breaches of confidentiality, failures of integrity or interruptions to their availability.

Scope

Information covered in this policy includes, but is not limited to, information that is received, stored, processed, or transmitted via any means. This includes electronic, hardcopy, and any other form of information regardless of the location or the media on which it resides. The Information Security policy is applicable to the scope of the company, as defined in the ISMS Manual.

Roles and Responsibilities

  • Management representatives have been identified for Information Security at Sequantix.
  • Information Security Roles and Responsibilities shall be identified by the internal information security team or GRC team, and shall be communicated to the relevant stakeholders during various implementation phases of ISMS as appropriate.
  • Various topic-specific policies, in which relevant information security roles and responsibilities shall be defined, shall be developed by the Information Security Officer, HR, ITOPS and other Departments, as appropriate, and shall be communicated to the employees.
  • All employees and third-party staff should read, understand and adhere to the Information Security Policy of Sequantix.

Policy

Information Security Objectives

  • This policy provides management guidelines for information security and recommends appropriate security controls that need to be implemented to maintain and manage information security at Sequantix.
  • Information Security Policy covers the management decisions, intentions, definitions, and rules relating to the information security in place during a defined time period.
  • The Information Security documents shall comprise policies, procedures and related documents for the domains of ISO 27001:2022.
  • Policies must be adhered to, at all times, by the company.
  • Procedures define the process/activities to be followed by respective stakeholders, to implement the policy objectives across the organization, using the suggested guidelines as per ISO 27001:2022.

The commitment of Sequantix should be to:

  • maintain an effective ISMS
  • deploy appropriate technology and infrastructure to ensure the security of Sequantix’s information
  • create and maintain a security-conscious culture
  • continually monitor and improve the effectiveness of the ISMS.

Policy statements

  • Information Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
  • The information security policy will be communicated throughout the organization to users in a form that is relevant, accessible and understandable to the intended audience.
  • The Information Security Objectives shall be aligned with the Organization’s Business Objectives. ISMS shall be designed and implemented accordingly in Sequantix.
  • This policy commits Sequantix to protect the security of its information. The Policy provides the same commitment to information entrusted to Sequantix by its customers and business partners. Sequantix should protect information confidentiality, preserve information integrity and assure information availability through an integrated Information Security Management System (ISMS).
  • The scope of the ISMS shall be determined, and an information security policy shall be defined based on ISO 27001:2022 standard requirements.
  • On the basis of this information security policy, a systematic approach to risk assessment shall be defined, and risks to the information assets shall be identified and protected.
  • The change management process shall be defined and approved by the Information Security Steering Committee (GRC) or the Change Advisory Board (CAB).
  • The Information Security Policy document should be reviewed once every year, or at the time of any major change(s) in the existing environment affecting policies and procedures, whichever is earlier.
  • Records for the policy review and approval should be maintained.
  • Continual Improvement shall be implemented and tracked to comply with the ISO 27001:2022 standard requirements.
  • An audit programme shall be defined and implemented for all the planned Internal and External audits of Sequantix to ensure Information Security compliance.

Policy Compliance

Compliance Measurement

The Infosec Officer will verify compliance with this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

ISO 27001 Requirements: 7.5.2, 7.5.3

ISO 27001 Annex A: 5.1, 5.2, 5.9, 5.10, 5.11, 5.15, 5.18, 5.24, 5.25, 5.26, 5.27, 5.28, 8.24

Exceptions

Any exception to the policy must be approved by the Infosec team in advance.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
