# Information Security Management System

This document can be used by internal and external parties to assess how we meet the information security requirements.

It is important that the information security management system is part of and integrated with our processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. An information security management system implementation will be scaled in accordance with the changing needs of our organization.

<table data-full-width="false"><thead><tr><th>POLICIES</th><th width="249.33333333333331">STANDARDS</th><th>PROCESSES</th></tr></thead><tbody><tr><td><strong>INFORMATION SECURITY POLICY (1)</strong></td><td><strong>LINUX HARDENING STANDARD (2.1)</strong></td><td>Incident Management Processes (3.1)</td></tr><tr><td>Information Management Policy</td><td><strong>INFORMATION SECURITY GOVERNANCE STANDARD (1.1)</strong></td><td>Access Provisioning Process (4.1)</td></tr><tr><td><strong>Access Control Policy (4)</strong></td><td><strong>Incident Management Standard (3)</strong></td><td>Access Review Process (4.2)</td></tr><tr><td>Change Management policy</td><td>Risk Management Standard</td><td>On-boarding And Off-boarding Process (4.3)</td></tr><tr><td>Encryption Policy</td><td>Secure Development Management Standard</td><td>Vulnarability Management Process (5.1)</td></tr><tr><td><strong>Server Security Policy (2)</strong></td><td>Physical Security Standard</td><td>Threat Hunting Process (1.1.1)</td></tr><tr><td>Patch Management Policy</td><td>Penetration Testing Standard (5)</td><td></td></tr><tr><td></td><td>Information Asset Management Standard</td><td></td></tr><tr><td></td><td>Information Security Requirements Standard</td><td></td></tr><tr><td></td><td>Disaster Recovery Plan Standard</td><td></td></tr><tr><td></td><td>Back-up and Recovery Standard</td><td></td></tr><tr><td></td><td>Management System Improvement Standard</td><td></td></tr></tbody></table>