Information
Security Policy
Updated April 2025
The purpose of this information security policy is to protect the information assets of ZENROWS, particularly the information systems that support the development and services of a web-based data management platform. This policy is aligned with ZENROWS's strategic direction and aims to support the company's business objectives through proper management of information security.
01OBJECTIVES
The objectives of the Information Security Management System are:
- To protect information against loss of availability, confidentiality, and integrity.
- To systematically and periodically assess and manage information security risks, implementing appropriate controls to mitigate identified risks.
- To comply with applicable legal requirements, applicable information security and information systems requirements, customer expectations, and contractual commitments regarding information security and data protection.
- To continuously improve the Information Security Management System.
- To align with ISO 27001.
02OUR COMMITMENTS
ZENROWS is committed to:
- Establishing, implementing, maintaining, and continuously improving an Information Security Management System.
- Ensuring that this policy is communicated to all ZENROWS personnel and other interested parties.
- Periodically reviewing this policy to ensure its continued suitability and effectiveness.
- Implementing a continuous improvement process to evaluate and adjust the policy and security controls in response to changes in the business environment, technological advances, and lessons learned from security incidents.
- Promoting a culture of information security throughout the organization.
- Providing ongoing training and awareness to all employees on best practices in information security and their individual responsibilities in protecting the company's information assets.
- Systematically keeping software up to date, installing the latest versions and available security patches to protect systems against known vulnerabilities and reduce the risk of security incidents.
- Establishing procedures for identifying, reporting, responding to, and recovering from security incidents.
- Implementing and maintaining a business continuity and disaster recovery plan that ensures the organization's ability to continue operating and recover from disruptions that may affect service and information availability.
03RESPONSIBILITY AND REVIEW
Each employee is responsible for complying with this policy and its procedures as applicable to their job position. Failure to do so may result in disciplinary action.
This policy has been approved by ZENROWS management and will be reviewed annually or upon any significant change in the business environment or in legal or regulatory requirements.
Management of ZENROWS
April 1, 2025