Information Security Policy has been implemented at Centrecom to ensure that our information is protected effectively and that we can meet our obligations to all stakeholders as a trusted outsourcing partner that provides a variety of B2B and B2C solutions, tailored to meet the specific needs of each client.
The information security objectives are defined and reviewed annually, based on the information security requirements, being:
- The risk assessment and treatment analysis, considering Centrecom’s overall business strategy and objectives
- The legal, statutory, regulatory, and contractual requirements, that Centrecom and related stakeholders must satisfy
- The set of principles and business requirements to protect the primary and supporting information security-related assets from the loss of confidentiality, integrity or availability.
Top management of Centrecom commits to satisfy applicable requirements related to information security, provide necessary resources, and continually improve the information security management system by enhancing the resilience against the potential impact of an incident or breach.
The information security responsibilities and authorities are assigned to the defined roles in accordance with the information security policies. The overall responsibility to ensure that the information security management system conforms to the requirements of ISO/IEC 27001 is assigned to the Information Security Steering Group.
Information security at Centrecom is achieved by implementing a set of controls, based on ISO/IEC 27001, including policies, processes, procedures, organisational structures and software and hardware functions. These controls are monitored, reviewed, and continually improved annually and when a major change in operations occurs, to ensure that the information security objectives are met.This allows us to deliver a better experience tailored to each of our users, whether it’s directly from our website or through one of our social media pages.
This information security policy is supported by topic-specific policies and/or worksheets, which further mandate the implementation of information security controls and are structured to address the needs of certain target groups or to cover certain topics.
The policies for information security are reviewed annually or if significant changes occur to ensure their continuing suitability, adequacy, and effectiveness. These policies are communicated within Centrecom and are available to interested parties, as appropriate.