Title: Information Security Policy
Author: Maria Clara Pereira
Revision Status: Approved
Issue date: 17/02/2025
VERSION | DATE | BY | DESCRIPTION
v0.1 | 14/02/2025 | Maria Clara Pereira | Creation
v0.2 | 17/02/2025 | Pedro Ribeiro | Review
v0.3 | 17/02/2025 | Rui Machado | Approve
“At the highest level, the organization should define an “information security policy” which is approved by top management, and which sets out the organization’s approach to managing its information security” (Source: Control A5.1 of ISO/IEC 27002:2022)
This Information Security Policy outlines the framework for managing information security within Findmore, sets forth the guidelines for managing information security at the highest level, and is designed to:
This policy must be followed and implemented across all departments and is applicable to all employees, contractors, and third-party entities with access to Findmore’s ICT systems, networks, and data.
Asset, anything that has value to the organization.
Control, a measure that modifies risk, including any process, policy, device, practice, or other action which modifies risk.
Information Security Management System (ISMS), the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization in the pursuit of protecting its information assets.
Information security risk, the effect of uncertainty on information security objectives.
Policy, intentions and direction of an organization, as formally expressed by its top management.
Process, a set of interrelated or interacting activities which transforms inputs into outputs.
Review, activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives.
Requirement, need or expectation that is stated, generally implied or obligatory.
Threat, a potential cause of an unwanted incident, which can result in harm to a system or organization.
Vulnerability, a weakness of an asset or control that can be exploited by one or more threats.
Findmore Management is the owner of this Information Security Policy, responsible for assigning the ISMS Roles and Responsibilities and approving ISMS documentation.
Process Owner is responsible for the maintenance and review of the documented information related to his/her process.
Heads of Unit and Directors are responsible for ensuring that employees, contractors and third-party entities under their direction are made aware of and comply with this Information Security Policy and remaining applicable ISMS requirements.
Auditors are responsible for reviewing the adequacy of the controls that are implemented to protect Findmore information and for recommending improvements where deficiencies are found.
Employees, contractors and third-party entities accessing Findmore systems and information are required to adhere to and comply with this Information Security Policy and remaining applicable ISMS requirements.
Findmore Management is committed to ensuring that information, data and systems are protected by implementation of an Information Security Management System (ISMS) and effective security measures that uphold the following principles:
This includes ensuring that security is embedded in all aspects of Findmore's operations, from strategic decision-making to day-to-day activities.
Additionally, Findmore Management is committed to maintaining transparency and accountability in all aspects of the Information Security Management System and to fostering a secure and trusted environment for stakeholders.
Findmore recognizes that human behaviour is a critical component of information security and therefore, as appropriate, will:
• Ensure the communication of security policies to employees, contractors, and third-party entities, as relevant, to promote awareness and adherence to internal information security standards.
• Integrate security responsibilities into job descriptions and the terms and conditions of employment.
• Provide regular awareness, training and resources to employees to help them understand their roles in maintaining security and preventing data breaches.
Findmore is committed to integrating risk management across all departments and activities at every level of the organization.
Potential strategic, organizational, financial, infrastructure, technical, operational and compliance risks are systematically identified, assessed, and mitigated in accordance with the Risk Management Policy and its underlying process.
Information security controls shall be implemented and categorized as follows:
Findmore is committed to satisfying applicable requirements related to information security, including, but not limited to:
Findmore also commits to regularly assessing practices to ensure that industry standards are met.
All employees, contractors, and third-party entities are:
Information security is achieved through the implementation of an applicable set of controls, selected through the chosen risk management process and managed using Findmore’s ISMS.
The security controls are delivered through policies, processes and procedures, and supported by infrastructure, awareness/training sessions, as follows:
Findmore is committed to continual improvement of the information security management system (ISMS), through regular reviews and audits, to ensure its continuing suitability, adequacy and effectiveness.
Exemptions and exceptions to this Information Security Policy must be:
The process for granting exemptions/exceptions will adhere to the following guidelines:
This policy will be reviewed annually, or whenever there are significant changes in technology, regulatory requirements, or business operations that may require updates to the access management policy.