Information Security Management System

Why We Implemented an ISMS

We understand that customers trust us with sensitive data as we build and support cloud-based analytics, customer data platforms, and other digital solutions. To maintain and justify that trust, we formalized our security approach by implementing an ISMS.

Our motivation was not only compliance but also to strengthen the way we handle:

• Security responsibilities across the organization

• Access control and identity management

• Change management and audit logging

• Software development and deployment processes

• Incident response and business continuity

Scope of Our ISMS

Our ISMS covers the entire organisation, including:

• Design and development of software and platforms

• Data engineering and cloud infrastructure activities

• Customer support services

• Internal IT systems

This includes all staff, contractors, infrastructure, and tools used to deliver our services.

Our Approach to Information Security

We apply a continuous improvement model based on the Plan–Do–Check–Act (PDCA) cycle. This means we:

• Plan for risk by identifying threats and defining controls

• Implement technical and organisational safeguards

• Monitor and review compliance, performance, and incidents

• Improve policies, training, and tools over time

Security responsibilities are shared across the team and embedded into daily practices.

Some of the concrete practices we follow include:

• Use of encrypted company laptops

• Revocation of access immediately upon offboarding

• Segregation of development, testing, and production environments

• Detailed change management and rollback procedures

• Periodic audits and external reviews