Information Security Policy


Notes:

  1. Guarantee that information is accessed only by authorized individuals.

  2. Guarantee that the information will not be modified, accidentally or intentionally.

  3. Ensuring that authorized individuals have access to information and associated systems when required.

  4. Ikonn's Integrated Quality and Information Security Management System.

  5. An information security incident can be a single event or multiple events.


1. Objective:

This Information Security Policy (“ PSI ”) aims to establish guidelines, standards, and procedures that promote information security while not hindering or impeding the organization's business processes, promoting:

  • The reliability of information, through the preservation of confidentiality, integrity, and availability of information within the company;

  • The company's commitment to protecting the personal data and information of Ikonn, its employees, or those under its care;

  • The participation of all employees to maintain and continuously improve Enterprise Resource Planning (“ ERP ”);

  • The effective dissemination, understanding, and compliance with information security guidelines, standards, and procedures by employees and relevant external parties.


2. Scope of application :

This applies to all employees and external parties who have access to Ikonn 's information, wherever they are located and regardless of the storage and access method.


3. Review and approval :

It should be reviewed whenever necessary. New versions of this Policy must be evaluated and approved by the Information Security and Privacy Executive Committee . After its approval, it will be made available to all employees and relevant external parties.


4. General Information Security Guidelines:

  • Responsibility for information security lies with all employees of the organization.

  • Security awareness should ensure that employees are aware of how to keep information safe and secure.

  • An ongoing awareness program is in place and maintained to ensure that staff awareness is updated as needed.

  • Concern for information security should be present in all of the organization's activities, especially in decision-making.

  • Ikonn establishes and maintains an Enterprise Resource Planning (“ ERP ”) system, adopting best market practices and complying with applicable legislation, standards, and regulations.

  • The use of the organization's information assets must be done ethically and professionally by everyone.

  • Information assets must be complete and available whenever requested by an authorized entity.

  • Failure to comply with this and other policies, standards, guidelines, and procedures that support it constitutes an information security incident.

  • Any and all information security incidents must be reported and addressed, and may result in disciplinary measures as outlined in the Code of Ethics and the application of sanctions stipulated in the contract or current legislation. Roles, responsibilities, and procedures to be followed are documented in the Security Incident Management Procedures.

    This Policy is subject to periodic updates. Always consult the current version.