At ARB Apex Bank Plc, we prioritize the protection of sensitive information and data assets to ensure the trust and confidentiality of our customers, partners, and all other stakeholders. Our Information Security Policy outlines the principles and guidelines for safeguarding information assets and maintaining the integrity and availability of our systems.
Scope and Objectives
This policy applies to all employees, contractors, and third-party vendors who access, manage, or handle company information. The primary objectives include maintaining the confidentiality, integrity, and availability of all the Bank’s information assets.
Policy Statement
- Data Classification: We classify information based on its sensitivity and criticality, ensuring appropriate levels of protection and access controls are implemented. Classification levels may include public, internal, confidential, and restricted data.
- Access Control: Access to information systems and data is granted on a need-to-know basis. User accounts are assigned appropriate access privileges, and access rights are regularly reviewed and updated. The use of all granted access is also monitored.
- Physical Security: We maintain physical security measures to protect against unauthorized access, theft, or damage to information assets. This includes secure access controls to facilities, equipment, and storage areas.
- Network Security: Our network infrastructure is secured through firewalls, encryption, intrusion detection systems, and regular monitoring to prevent unauthorized access, data breaches, and network attacks.
- Data Protection: We employ encryption, access controls, and backup procedures to safeguard data integrity and prevent data loss or corruption. Personal and sensitive information is handled in accordance with applicable privacy regulations.
- Incident Response: Procedures are in place to promptly detect, assess, and respond to security incidents, including data breaches, unauthorized access, or system vulnerabilities. Incident response teams are designated to coordinate response efforts and mitigate risks.
- Training and Awareness: Regular training and awareness programmes are conducted to educate employees about their roles and responsibilities in maintaining information security. This includes awareness of security best practices, policies, and procedures.
- Compliance and Auditing: We adhere to relevant laws, regulations, contractual requirements, and industry standards governing information security. Regular audits and assessments are conducted to ensure compliance with internal policies and external requirements.
- Policy Review and Updates: This policy is periodically reviewed and updated to address emerging threats, technological advancements, and changes in business operations. Employees are notified of any policy changes and are expected to adhere to the updated guidelines.
- Improvement: ARB Apex Bank will continually improve the appropriateness, competence, and efficiency of its Information Security Management System (ISMS), using processes such as planning, support, leadership, and performance evaluation to identify areas for improvement and make the necessary changes.
By adhering to this Information Security Policy, we demonstrate our commitment to protecting the confidentiality, integrity, and availability of information assets and maintaining the trust of our stakeholders.