Information Security Policy

The Information Security Policy is based on ISO / IEC 27001: 2013 controls and the implementation guide of ISO / IEC 27002: 2013 which describes these controls.

DefineX is committed to the development and maintenance of an Information Security Management System based upon the International Standard the Company has developed this Information Security Policy to:

• Provide direction and support for information security in accordance with business requirements, regulations and legal requirements.

• State the responsibilities of staff, partners, contractors and any other individual or organization having access to the Company’s information assets.

• State management intent to support the goals and principles of security in line with business strategy and objectives.

• Provide a framework by which the confidentiality, integrity and availability of the Company’s information assets can be maintained.

• Optimize the management of risks, by preventing and minimizing the impact of Information Security incidents.

• Ensure that all breaches of information security are reported, investigated and appropriate action taken where required.

• Ensure that supporting ISMS policies and procedures are regularly reviewed and continual improvement is maintained to ensure progressive good working practices and procedures.

• Ensure information security requirements are regularly communicated to all relevant parties.