Information Security Policy

Information Security Policy

BRAINTRUST is aware of and committed to information security in accordance with the ISO 27001 standard.

The purpose of this Information Security Policy is to protect the information assets involved in the services provided by BRAINTRUST.

It is BRAINTRUST's policy to ensure that:

● Information is protected against loss of availability, confidentiality, and integrity.

● The information is protected against unauthorized access.

● The applicable legal requirements are met.

● Business requirements regarding information security and information systems are met.

● The Security Committee assesses the information assets available to BRAINTRUST, from which it will derive the risk analysis and subsequently the risk management. Both the risk analysis and risk management will be reviewed annually by Management, which will decide whether to carry out a new risk analysis and management. The risks to be addressed will be reflected in the Risk Treatment Plan.

● Security incidents are reported and handled appropriately.

● Procedures are established to comply with the Security Policy.

● The Security Officer will be responsible for maintaining this policy, the management manual, and procedures, and for providing support in their implementation. In addition, they will supervise and verify compliance with the Risk Treatment Plan for each year.

● Each employee is responsible for complying with this Policy and its procedures as they apply to their job.

● It is BRAINTRUST's policy to implement, maintain, and monitor the ISMS.

● BRAINTRUST is committed to the continuous improvement of the IMS. To this end, it relies on policies, objectives, internal audit results, data analysis, corrective actions, and management review to facilitate continuous improvement.

This policy has been approved by the BRAINTRUST Security Committee and will be reviewed annually.

To view the original document, click here.