Information Security Policy

Information Security Policy

BRAINTRUST is aware of and committed to information security according to the ISO 27001 reference standard.

The purpose of this Information Security Policy is to protect the information assets involved in the services provided by BRAINTRUST.

It is BRAINTRUST's policy to ensure that:

● Information is protected against loss of availability, confidentiality and integrity.

● Information is protected against unauthorized access.

● Applicable legal requirements are met.

● Business requirements are met with respect to information security and information systems.

The Security Committee assesses BRAINTRUST's information assets from which the risk analysis and risk management will be derived, both the analysis and risk management will be reviewed annually by the Management, which will decide whether a new risk analysis and risk management will be carried out. The risks to be treated will be reflected in the Risk Treatment Plan.

● Security incidents are communicated and dealt with appropriately.

● Procedures are established to comply with the Security Policy.

The Security Manager will be responsible for maintaining this policy, the management manual, procedures and for providing support in its implementation. In addition to supervising and checking that the Risk Treatment Plan corresponding to each year is complied with.

● Each employee is responsible for complying with this Policy and its procedures as applicable to his or her job.

It is BRAINTRUST's policy to implement, maintain and monitor the ISMS.

BRAINTRUST is committed to continuous improvement of the IMS. To this end, it relies on policies, objectives, results of internal audits, data analysis, corrective actions and management review to facilitate continual improvement.

This policy has been approved by the BRAINTRUST Security Committee and will be reviewed annually.

To see the original document, click here