ISMS POLICY
Summary
Introduction
This policy defines how the information security management system will be set up, managed, measured, reported on and developed within Renmoney MFB
Renmoney MFB is committed to providing services according to clients’ expectations, ensuring that we take all relevant Information Security measures when delivering services to our clients.
It is the policy of Renmoney MFB to commit and maintain an information security management system designed to meet the requirements of ISO 27001:2022 in pursuit of its primary objectives.
To drive continual improvement within the information security management system, Renmoney MFB shall set objectives on an annual basis as part of the annual Review Process; these objectives ensure the system is appropriately monitored and measured. All objectives are communicated to all staff and include key responsibilities, timescales, and appropriate measures of success.
- All information and systems will be protected against unauthorized access, unavailability, and disclosure.
- Confidentiality of information will be maintained.
- The integrity of information is protected from unauthorized modification.
- Regulatory and legislative requirements will be met.
- Business continuity plans will be maintained and tested (as far as practicable)
- All suspected breaches of information security will be reported and investigated.
- Adequate prevention and detection of malware is in place.
- Information Security Policies are in place to ensure the safe practice of using our computers and information systems.
- Competent external providers that meet all pre-qualification requirements are engaged.
ISMS Policy Statements
Renmoney is committed to maintaining and improving its information security by implementing and maintaining an information security management system based on ISO 27001:2022. The bank aims to meet and exceed the expectations of its stakeholders, comply with all relevant regulations and industry requirements.”
Setting the ISMS Objectives
The high-level objectives for the information security management system within Renmoney MFB are defined. These are fundamental to the nature of the business and are not subject to frequent change.
These overall objectives will be used as guidance in the setting of lower-level, more short-term objectives for planning within an annual cycle timed to coincide with the bank’s budget planning. This will ensure that adequate funding is obtained for the improvement of activities identified. These objectives will be based upon a clear understanding of the overall business requirements and how they may change during the year.
Top Management Leadership and Commitment
Commitment to the information security management system objectives extends to senior levels of the bank and will be demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls.
Top management will also ensure that a systematic review of the performance of the program is conducted on a regular basis to ensure that the objectives are being met and relevant issues are identified through the audit program and management review processes.
The Top management shall have overall authority and responsibility for the implementation and management of the information security management system, specifically:
- The identification, documentation, and fulfilment of the information security
management system objectives. - Implementation, management, and improvement of risk management processes
- Integration of operational processes, procedures, and controls
- Compliance with statutory, regulatory, and contractual requirements
- Reporting to top management on performance and improvement
4.1. Commitment to satisfying applicable requirements.
Commitment to the delivery of an information security management system extends to senior levels of the bank and will be demonstrated through this information security management system Policy and the provision of appropriate resources to establish and develop the ISMS.
Top management will also ensure that a systematic review of the performance of the program is conducted on a regular basis to ensure that information security management system objectives are being met, and information security issues are
identified through the audit program and management processes.
Renmoney Top Management is also committed to satisfying the following applicable requirements with regard to the ISMS by:
- Ensuring improvement of the information security management systems
- Providing necessary human, financial, and technological resources to establish and develop information security management systems.
- Providing direction and support for information security in accordance with business requirements and relevant laws and regulations
- Establishing a management framework to initiate and control the implementation and operation of information security within the bank.
- Ensuring that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
- Ensuring that information receives an appropriate level of protection in accordance with its importance to the bank.
- Ensuring authorized user access and preventing unauthorized access to systems and services.
- Operating the ISMS, ensuring coordination of the activities and the resources.
Continual Improvement of the ISMS
Renmoney MFB policy regarding continual improvement are to:
- Continually improve the effectiveness of the ISMS
- Enhance current processes to bring them into line with good practice as
defined within ISO/IEC 27001:2022 - Achieve Certification and maintain it on an ongoing basis.
- Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
- Review ideas for improvement at regular management meetings to prioritize and assess timescales and benefits.
ISMS Policy
Introduction
This policy defines how the information security management system will be set up, managed, measured, reported on and developed within Renmoney MFB
Renmoney MFB is committed to providing services according to clients’ expectations, ensuring that we take all relevant Information Security measures when delivering services to our clients.
It is the policy of Renmoney MFB to commit and maintain an information security management system designed to meet the requirements of ISO 27001:2022 in pursuit of its primary objectives.
To drive continual improvement within the information security management system, Renmoney MFB shall set objectives on an annual basis as part of the annual Review Process; these objectives ensure the system is appropriately monitored and measured. All objectives are communicated to all staff and include key responsibilities, timescales, and appropriate measures of success.
1.1. It is our policy to ensure that- All information and systems will be protected against unauthorized access, unavailability, and disclosure.
- Confidentiality of information will be maintained.
- The integrity of information is protected from unauthorized modification.
- Regulatory and legislative requirements will be met.
- Business continuity plans will be maintained and tested (as far as practicable)
- All suspected breaches of information security will be reported and investigated.
- Adequate prevention and detection of malware is in place.
- Information Security Policies are in place to ensure the safe practice of using our computers and information systems.
- Competent external providers that meet all pre-qualification requirements are engaged.
ISMS Policy Statements
By accessing or using the Platform, our services or products, you agree to this GTC. You further agree that this GTC constitutes a legally binding agreement between you (whether personally or on behalf of any entity which you represent) and Renmoney concerning your access to and use of any of our Platforms and all the services linked, related, or otherwise connected thereto.
Setting the ISMS Objectives
The high-level objectives for the information security management system within Renmoney MFB are defined. These are fundamental to the nature of the business and are not subject to frequent change.
These overall objectives will be used as guidance in the setting of lower-level, more short-term objectives for planning within an annual cycle timed to coincide with the bank’s budget planning. This will ensure that adequate funding is obtained for the improvement of activities identified. These objectives will be based upon a clear understanding of the overall business requirements and how they may change during the year.
Top Management Leadership and Commitment
Commitment to the information security management system objectives extends to senior levels of the bank and will be demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls.
Top management will also ensure that a systematic review of the performance of the program is conducted on a regular basis to ensure that the objectives are being met and relevant issues are identified through the audit program and management review processes.
The Top management shall have overall authority and responsibility for the implementation and management of the information security management system, specifically:
- The identification, documentation, and fulfilment of the information security management system objectives.
- Implementation, management, and improvement of risk management processes
- Integration of operational processes, procedures, and controls
- Compliance with statutory, regulatory, and contractual requirements
- Reporting to top management on performance and improvement
Commitment to the delivery of an information security management system extends to senior levels of the bank and will be demonstrated through this information security management system Policy and the provision of appropriate resources to establish and develop the ISMS.
Top management will also ensure that a systematic review of the performance of the program is conducted on a regular basis to ensure that information security management system objectives are being met, and information security issues are identified through the audit program and management processes.
Renmoney Top Management is also committed to satisfying the following applicable requirements with regard to the ISMS by:-
- Ensuring improvement of the information security management systems
- Providing necessary human, financial, and technological resources to establish and develop information security management systems.
- Providing direction and support for information security in accordance with business requirements and relevant laws and regulations
- Establishing a management framework to initiate and control the implementation and operation of information security within the bank.
- Ensuring that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
- Ensuring that information receives an appropriate level of protection in accordance with its importance to the bank.
- Ensuring authorized user access and preventing unauthorized access to systems and services.
- Operating the ISMS, ensuring coordination of the activities and the resources.
Continual Improvement of the ISMS
Renmoney MFB policy regarding continual improvement are to:- Continually improve the effectiveness of the ISMS
- Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001:2022
- Achieve Certification and maintain it on an ongoing basis.
- Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data.
- Review ideas for improvement at regular management meetings to prioritize and assess timescales and benefits.