Privacy Policy

1. PURPOSE

Data protection and privacy policy of ISG deals with the process through which information concerning individuals including employees, third party users and client is obtained and disclosed. ISG respects the confidentiality of this information and strives to protect the privacy of individuals by regulating the collection, maintenance and disclosure of personal information.

2. SCOPE

All information concerning individuals including employees, third party users and clients are covered in the scope of this policy.

3. POLICY STATEMENT

3.1. ISG is committed to compliance with all relevant data protection policies.

3.2. Personal data is classified as refer to classification levels in Data Classification Policy.

3.3. The policy applies to all personal data held by the company, including on wireless notebook computers, personal digital assistants and mobile telephones.

3.4. All Employees/Staff will be provided training to ensure that they understand ISG’s policies and procedures to implement them.

3.5. The disciplinary process will be invoked in circumstances where this policy may have been transgressed.

4. VIOLATION OF POLICY

All employees are obligated to report all violations of policy to the Chief Information Security Officer or ISO immediately. The Chief Information Security Officer must approve any exceptions to this policy in advance.

5. ENFORCEMENT

Failure to comply with these policies may result in:

a. Withdrawal, without notice, of access to information and/or information resources.

b. Disciplinary action, up to and including termination.

c. Civil or criminal penalties as provided by law.

6. DOCUMENT OWNER AND APPROVAL

The Chief Information Security Officer (CISO) is the owner of this document and is responsible for ensuring that this policy document is reviewed in line with the review requirements stated above. A current version of this document is available to all members of staff on the corporate intranet (Empower).

7. REFERENCES

This policy refers to the section 18.1.4 and 18.1.5 of the ISO/IEC 27001 standard.