Information Security Policy

 

H2 Solutions Information Security Policy

 

This document (and any extract from it) may not be copied, paraphrased, reproduced, or distributed in any manner or form, whether by photocopying, electronically, by the internet, within another document or otherwise, without the prior written permission of H2 Solutions. Further, any quotation, citation, or attribution of this publication, or any extract from it is strictly prohibited without H2 Solutions’ prior written permission.

 

Introduction

H2 Solutions implements international best practice frameworks for Information Security to protect its information and that of its client/partners in order to minimize business risk and ensure business continuity.

 

Scope

The ISMS policy applies to all H2 Solutions’ information technology infrastructure, telecommunication systems, physical facilities and equipment owned or leased by H2 Solutions employees and third-party contractors as well as all devices connected to the H2 Solutions network.

This policy also applies to all users of H2 Solutions’ resources – including (but not limited to) staff, consultants, contractors and other third parties.

 

Policy Statements

Commitment to Continual Improvement and Satisfying Requirements

H2 Solutions commits its ISMS to continuous, systematic review and improvement, and remains committed to satisfying all of its applicable legal, regulatory and contractual requirements as they relate to Information Security.

Information security requirements shall be aligned with H2 Solutions’ strategic goals. The ISMS shall establish, maintain, and continually improve the mechanism for information transfer within and outside H2 Solutions and shall reduce information-related risks to acceptable levels.

H2 Solutions’ strategy and risk management framework provides the context for identifying, assessing, evaluating, and controlling information-related risks through appropriate risk management. The Risk Assessment, Statement of Applicability and Risk Treatment Plan define how information-related risks will be controlled.

 

Information Security Management System (ISMS) Policy

Policies for Information Security

The Information Security Management System (ISMS) policies form the minimum baseline for information security at H2 Solutions. The policies are approved by H2 Solutions’ Management, published, and communicated to all H2 Solutions employees and other relevant external parties.

 

Information security awareness, education, and training

H2 Solutions provides all personnel with relevant training in information security policies annually. All H2 Solutions personnel receive such training, as applicable, as soon as possible after joining the company, or before a user is granted access to H2 Solutions’ information or information processing facilities.

Where specific training is required for specialized business functions, additional training materials and/or training are developed and delivered as required to those H2 Solutions personnel involved.

 

Information and communication technology supply chain

Where key contracts with third parties involve an information or service supply chain with other external parties, H2 Solutions communicates all pertinent security controls (including those over electronic communications) with which all third parties in the supply chain are required to comply. The third parties contracting with H2 Solutions acknowledge in writing their acceptance and commitment to meet, follow and enforce all required security controls through the supply chain, including any sub-contractors that they use downstream.

 

Monitoring and review of supplier services

H2 Solutions’ Business Development Managers are responsible for monitoring their third-party contracts/agreements to ensure that the services are being delivered as expected and on time. For all major contracts, an audit of performance against committed service levels, and of compliance with H2 Solutions’ policies and security requirements, is conducted regularly.

H2 Solutions’ Business Development Managers classify the third party based on the data types (H2 Solutions and/or client data) and locations where the third party stores H2 Solutions’ (and/or client) data.

 

Response to information security incidents

Incident responses are in line with the documented response process. With any incident involving client data, additional notification should be provided to the ISC. H2 Solutions ensures that its personnel are made aware of their responsibility for reporting incidents or vulnerabilities as quickly as possible.

 

Notice of Compliance

H2 Solutions reserves the right to modify (add or remove) portions of this document at any time. Notification of changes to any document (policies, procedures, or manuals) shall be by email or publication via H2 Solutions’ internally approved communication channels and shall be deemed fully enforceable thereon. Failure to comply with this document could result in consequences including, but not limited to, termination of contract or employment.