The Information Security Policy aims to establish a management framework to initiate and control the implementation of information security within GoodCore.
This policy applies to GoodCore and all parties, its affiliated partners or subsidiaries, including data processing and process control systems, that are in possession of or using information and/or facilities owned by GoodCore.
This policy applies to all staff/ users that are directly or indirectly employed by GoodCore or any entity conducting work on behalf of GoodCore that involves the use of information assets owned by GoodCore.
Compliance with this policy is mandatory and GoodCore managers shall ensure continuous compliance monitoring within their departments. Compliance with the statements of this policy is a matter of annual review by the executive management and external auditor. Any violation will result in disciplinary action by ISMS Steering Committee.
Disciplinary action will be depending on the severity of the violation which will be determined by the investigations. Actions such as termination or others as deemed appropriate by GoodCore Management and escalate to the executive management.
This policy is intended to address information security requirements. If needed, waivers shall be formally submitted to the executive management, including justification and benefits attributed to the waiver. The policy waiver period has maximum period of one year, and shall be reassessed and re-approved, if necessary for maximum three consecutive terms. No policy shall be provided waiver for more than three consecutive terms.
Technological advances and changes in the business requirements will necessitate periodic revisions to policies. Therefore, this policy may be updated to reflect changes or define new or improved requirements.
Deficiencies within this policy shall be immediately communicated to the Information Security Manager / ISMR. Policy changes will require the approval of the CAB / Management Review Meetings. Change log shall be kept current and will be updated as soon as any change has been made.