Our organisation is committed to protecting the confidentiality, integrity, and availability of information entrusted to us. In alignment with the Information Security Management System (ISMS) principles, we have established a comprehensive cybersecurity framework to manage cyber risks and safeguard our digital environment.

Governance, Roles and Responsibilities

We maintain strong cybersecurity governance with clearly defined roles and responsibilities across management, Heads of Department, and users. Senior management provides oversight and direction, Information Technology Manager to ensuring cybersecurity risks are identified, managed, and reviewed regularly. All employees and relevant stakeholders are accountable for complying with information security requirements appropriate to their roles.

Policies, Procedures, and Risk Management

Our cybersecurity policies and procedures are formally documented, approved, and regularly reviewed to ensure alignment with business objectives and regulatory requirements. We adopt a risk-based approach, consistent with Cyber Trust Mark, to identify, assess, and treat cybersecurity risks across our information assets, systems, and third-party relationships.

Compliance, Training, and Awareness

We are committed to complying with applicable laws, regulations, and industry standards related to cybersecurity and data protection. Regular training and awareness programmes are conducted to ensure employees understand their cybersecurity responsibilities, emerging threats, and secure practices, fostering a strong security-conscious culture throughout the organisation.

Data Protection, System Security, and Threat Management

We implement appropriate technical and organisational controls to protect personal data, business-critical information, and intellectual property. This includes access controls, system hardening, monitoring, and secure configurations to defend against cyber threats. We continuously monitor for potential threats and apply preventive and detective measures to reduce the likelihood and impact of cybersecurity incidents.

Vulnerability Assessment and Incident Response

We conduct periodic vulnerability assessments to identify and remediate security weaknesses in a timely manner. In the event of a cybersecurity incident, we maintain a structured incident response process to ensure prompt detection, containment, investigation, recovery, and post-incident review, in line with Cyber Trust Mark best practices.

Through this commitment, we aim to maintain trust, resilience, and transparency in our digital operations, assuring our customers, partners, and stakeholders that cybersecurity remains a core priority of our organisation.