Phitomas Information Security Policy

At Phitomas, we are dedicated to safeguarding our information assets and those entrusted to us by our customers, partners, and stakeholders. In line with our recent achievement of ISO/IEC 27001:2022 certification, we maintain a robust Information Security Management System (ISMS) to ensure the highest standards of confidentiality, integrity, and availability of information.

This policy outlines our commitment to information security and serves as a public declaration of our practices. It applies to all aspects of our operations involving information systems and data handling.

Our Commitments

  1. Compliance with Requirements
    We will comply with all applicable legal, regulatory, contractual and business requirements related to information security.
  2. Risk Management
    We manage information security risks using a formal risk assessment and treatment process. This includes setting clear criteria for risk acceptance and defining acceptable risk levels.
  3. Policies and Procedures
    We maintain up-to-date information security policies, procedures and guidelines. These are made available upon request to guide secure operations.
  4. Leadership Responsibility
    Management is responsible for enforcing this policy and ensuring that information security is implemented across all departments in scope.
  5. Third-Party Access Control
    External parties (e.g., vendors, contractors, business partners) may only access Phitomas’s information under formal agreements, such as Non-Disclosure Agreements (NDAs), and must follow our security requirements.
  6. Employee Responsibility
    All employees are responsible for protecting information assets against unauthorized access, disclosure, modification, loss or destruction. They are expected to follow relevant policies and procedures.
  7. Policy Adherence
    Employees at Phitomas must comply with this Information Security Policy and supporting documents. Training and awareness programs are provided to ensure understanding and compliance.
  8. Disciplinary Actions
    Employee violations of this policy may result in disciplinary action, in accordance with Phitomas rules and the Information Security Guidelines.
  9. Security Objectives and Improvement
    We set and review information security objectives annually to improve the ISMS and support business goals.
  10. Consideration of Stakeholders
    The needs and expectations of interested parties—including customers, regulators and partners—are considered in our ISMS.
  11. Monitoring and Review
    We monitor, audit, and review our information security controls and systems regularly to ensure their effectiveness and improve where necessary.
  12. Review and Update
    This policy is reviewed and updated annually or as needed to ensure its effectiveness and relevance.

Certification and Assurance

Phitomas is proud to hold ISO/IEC 27001:2022 certification, demonstrating our proactive approach to information security. This certification underscores our dedication to protecting customer data and maintaining trust in our services.

Certified by BSI – Certificate Number: IS 814754 and IS 814756
Verify our certification: IAF CertSearch Verification Page

Approved by:
Irwin Koh
Managing Director
October 2025