Information security policy

Information Security Policy Statement

1. The top management of Cellulant Corporation Limited located at 5th & 6th Floor Cavendish Block, 14 Riverside Drive, Nairobi, Kenya, is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organization in order to ensure the achievement of Cellulant business, information security objectives and compliance with legal, regulatory and contractual requirements. Cellulant top management is committed to ensuring the continual improvement of the Information Security Management System.

2. The goal of this policy is the protection of the information and information assets related to the delivery of Cellulant services, against all internal, external, deliberate or accidental threats. CELLULANT is committed to aligning its processes, operations, products and services to the ISO 27001:2013 standard and PCI DSS requirements.

3. Information is a valuable asset for Cellulant and it exists in many forms: printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation. It is the responsibility of ALL staff members to adhere to the requirements laid out in this policy, more specifically:

a. It is the responsibility of ALL staff members to:
i. Ensure that information confidentiality is kept and protected against any unauthorized access.
ii. Ensure integrity of Cellulant information through protection from unauthorized modification.
iii. Ensure availability of Cellulant information to authorized users when needed.
iv. Protect the Confidentiality, Integrity and Availability of all CELLULANT information assets.
v. Report any security incident or breach to the appropriate staff member according to the Incident Management Policy.

b. It is the responsibility of ALL managers to:
i. Implement this policy within their business areas, and make sure it is adhered to by their members of staff.
ii. Make sure that all staff within their business area undergo appropriate security awareness training in support of the goals of this policy.

4. Within Cellulant, an Information Security Management System (ISMS) has been put in place, which includes a risk management framework for the identification, assessment, evaluation and control of all information security risks. The ISMS is subject to continuous and systematic review with improvements, where necessary. The scope of the ISMS is protection of all information and information assets for the delivery of Cellulant Payments, Messaging, Checkout, Digital Banking and Remittance services.

5. Information security requirements will continue to be aligned with organizational goals and objectives, and the Information Security Management System (ISMS) is intended to be an enabling mechanism for information sharing, processing, transmitting, storage, electronic operations, e-commerce and reducing information-related risks to acceptable levels.

6. A current version of this document is available to all members of staff. It does not contain confidential information and can be released to relevant external parties. This information security policy was agreed and approved by the Executive Management and is issued on a version-controlled basis under the signature of the Chief Executive Officer (CEO).

7. All employees of CELLULANT and related external parties identified in the ISMS are expected to comply with this policy without exception. All staff will receive ISMS-related training, and related external parties will be required to provide evidence of ISMS training. Any person found to breach this policy or any of the supporting policies may be subject to a disciplinary process, according to the Human Resource Disciplinary Policy, up to and including termination of employment, service contract, or project assignment. Violation may also constitute unlawful behavior and subject a Cellulant employee to civil and/or criminal liability.