Information Security Policy

CCK FINANCIAL SOLUTIONS is committed to protecting the security of its information and information systems. It is CCK FINANCIAL SOLUTIONS’s policy that the information it manages shall be appropriately secured to protect against breaches of confidentiality, failures of integrity or interruptions to the availability of that information and to ensure appropriate legal, regulatory and contractual compliance. To determine the appropriate level of security control that should be applied to information systems, a process of risk assessment shall be carried out in order to define security requirements and identify the probability and impact of security breaches.

According to the above direction all CCK FINANCIAL SOLUTIONS staff are committed to:

• Use of all reasonable, appropriate, practical and effective security measures to protect our important processes and assets in order to achieve our security objectives.
• Protecting and managing our information assets to enable us to meet our contractual, legislative, privacy and ethical responsibilities and satisfy applicable IS requirements and legal requirements
• Protect the confidentiality, integrity and availability of information to guarantee that regulatory, operational and contractual requirements are fulfilled.
• Implement and conduct information security risk management to protect information and related assets from all threats, whether internal or external, deliberate or accidental.
• Encourage personnel to stay up to date with the latest security trends, regulations and procedures and conduct effective training.
• Maintain the availability, security and reliability of all the services we provide for our clients even if security incidents occur.
• Maintain and test business continuity plans.
• The review and re-evaluation of information security management system annually and/ or based on any system changes.
• Protect the system against unauthorised access.
• Report and investigate information security breaches by Information Security Manager.
• Set monitor and continuous improvement of Information security objectives.