Information Security policy
Introduction
WYLD Global's objective of managing information security is to ensure that its core and supporting business operations continue to operate with minimal disruptions. WYLD Global shall ensure that all information that is disbursed or produced by WYLD Global has absolute integrity. WYLD Global shall guarantee that all relevant information is managed and stored with appropriate confidentiality procedures.
Scope
This policy applies to all employees, contractors, third-party partners, and any other entities with access to WYLD Global’s information systems and data. It encompasses all information assets, including but not limited to, data, software, hardware, networks, and communication systems.
Information Security Objectives
The objectives of WYLD Global are:
- To ensure the appropriate protection and privacy of WYLD Global’s sensitive information processed, stored or transmitted on the corporate ICT System.
- To prevent a breach or unauthorized access to WYLD Global’s systems
- To protect the WYLD Global brand reputation
- To comply with applicable laws and regulations
Policy
The purpose of the policy is to protect the organization’s information assets from all threats, whether internal or external, deliberate or accidental. WYLD Global is committed to implementing an information security program in compliance with the ISO/IEC 27001:2022 standard and continuously improving its information security practices. This will help maintain WYLD Global’s reputation in the industry and meet its legal, regulatory and client requirements.
The CEO has approved the Information Security Policy.
The objectives of WYLD Global are:
- Information should be made available with minimal disruption to staff and the public as required by the business process
- The integrity of this information will be maintained
- Confidentiality of information, including but not limited to third-party, personal and electronic communications data, will be assured
- Regulatory and legislative requirements will be met
- A Business Continuity Management Framework shall be made available and Business Continuity plans will be produced to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters. Business continuity plans should be maintained and tested
- Information security education, awareness and training will be made available to staff
- All breaches of information security, actual or suspected, will be reported to, and investigated by, the relevant authorities, including but not limited to System Administration and the Incident Response team
- Appropriate access control will be maintained, and information will be protected against unauthorized access.
- Policies, Procedures and Guidelines, including but not limited to Information Security, will be made available to support the Information Security Policy
- The Compliance department has direct responsibility for maintaining the Information Security Policy and is involved in writing and/or managing the development of relevant policies, procedures and guidelines, including but not limited to information security
- Continual improvement of the information security management system.
- All managers are directly responsible for implementing the Information Security Policy within their units, and for adherence by their staff.
- It is the responsibility of each member of staff to adhere to the Information Security Policy.
- The policy will be communicated to the internal organization and interested parties as appropriate.
Supporting Policies
The Information Security Policy is developed as a pinnacle document which has further policies, standards and guides which enforce and support the policy. The supporting policies are grouped into 3 areas: Technical Security, Operational Security and Security Management and are shown in the diagram overleaf. The Information Security Policy is closely aligned to the WYLD Global Information Governance Strategy and relies upon, and supports, the WYLD Global Physical and Personnel Security policies.
Technical Security
The technical security policies detail and explain how information security is to be implemented. These policies cover the security methodologies and approaches for elements such as: network security, patching, protective monitoring, secure configuration and legacy IT hardware & software.
Operational Security
The operational security policies detail how the security requirements are to be achieved. These policies explain how security practices are to be achieved for matters such as: data handling, mobile & remote working, disaster recovery and use of social media.
Security Management
The security management practices detail how the security requirements are to be managed and checked. These policies describe how information security is to be managed and assured for processes such as: information security incident response, asset management and auditing.
List of Policies and Procedures
Risk Assessment Methodology
Data Protection Policy
Acceptable Usage Policy
Disaster Recovery Plan
Access Control Policy
Encryption and Cryptography Policy
Anonymization and Pseudonymization Policy
Human Resource Security
Asset Management
Incident Management
Backup and Retention
Information Classification
Business Continuity Policy
Logging and Monitoring Standard
Capacity Management
Media Management
Change Management
Password Policy
Clear Desk and Clear Screen Policy
Secure Development Policy
Cloud Computing Security Policy
Supplier Management
Configuration Management
Teleworking Policy
Data Loss Prevention Policy
Vulnerability Management
Compliance Requirements
Legislation
WYLD Global is obliged to abide by all relevant legislation. The requirement to comply with this legislation shall be devolved to employees and agents of WYLD Global, who may be held personally accountable for any breaches of information security for which they may be held responsible. WYLD Global shall comply with all relevant legislation as appropriate.
Audit
Audit will be performed as part of the ongoing WYLD Global Audit Programme and the Information Security Officer shall ensure appropriate evidence and records are provided to support these activities at least on an annual basis.
Review
This policy and associated policies and procedures shall be reviewed at least annually by the reviewers. The Information Security Officer shall be responsible for ensuring the review is conducted in good order and follows due process for approval.
Management review will be performed at least annually.
The Information Security Officer is accountable for providing the results of ongoing reviews of information security implementation across WYLD Global.