Information Security Management System
(ISMS) Policy

OBJECTIVE:

The objective of Information Security Policy is to ensure the information security continuity of QCP and to minimise the risk by reducing security incidents and thereby reducing the potential impact on the organization.

POLICY:

“We at QCP are committed to maintaining and improving information security within our Organisation and minimising both our and our
stakeholder’s exposure to data security risks.”

It is therefore QCP policy to ensure:

Confidential information will be protected against unauthorized access.

● The integrity of information will be maintained.
● Information will only be made available to authorized business processes and employees as required.
● Regulatory and legislative requirements will be met.
● Business continuity plans for mission critical activities will be reviewed, tested, approved & maintained.
● Information security training program(s) will be implemented and shall be made available to all staff on an ongoing basis.
● Management is committed to periodic reviews and continual improvement with respect to
ISO/IEC 27001:2022 standard requirements, ISMS objectives as applicable to QCP.
● All breaches of Information Security actual or suspected, will be reported, and investigated by relevant personnel.
● Procedures exist to support the policy, including Endpoint security & Malware control measures, Software Policy, Password Management
Policy and Business Continuity Plan.
● Third party/ External audits will be conducted minimum once in a year .
● Information security risk assessment will be carried out once in every quarter.

Authorized Signatory