AZA Finance is committed to protecting the security and privacy of information in the face of security breaches and unwanted events. It has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2013, the international standard for information security; PCI-DSS 3.2.1, the payment card industry data security standard; SOC 2, a voluntary compliance standard for service organizations developed by the American Institute of CPAs (AICPA); and data protection regulations including the GDPR, NDPR, and POPIA.
The management of AZA Finance is committed to ensuring:
1. Information will be protected against unauthorised access and processing in accordance with its classification level. Accordingly, access to information will be granted on the basis of least privilege and need to know.
2. Confidentiality, Integrity and Availability of information for business processes will be assured and maintained.
3. Legislative and regulatory requirements will be met.
4. Information security training will be available for all employees.
5. Staff with particular responsibilities for information must ensure the classification of that information; must handle that information in accordance with its classification level; and must abide by any contractual requirements, policies, procedures or systems for meeting those responsibilities.
6. All actual or suspected information security breaches will be reported to the IT Service Desk and will be thoroughly investigated.
7. Procedures and guidelines are developed and maintained to support the information security policy, including access control measures, passwords and physical security.
8. Business continuity and disaster recovery plans are developed, maintained and tested.
9. All users covered by the scope of this policy must handle information appropriately and in accordance with its classification level.
10. Information security provision and the policies that guide it will be regularly reviewed, including through the use of annual internal audits.
Compliance with the Information Security Policy is mandatory, and all managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.