IMS Policy Statement

INTRODUCTION

The Board and Management of Maplerad limited, which operates in the Financial Technology sector, is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the organization, in order to preserve its assets, legal, and regulatory as well as contractual, compliance, and image. The Integrated Management Systems (ISO 27001, 27017, 27032, and ISO 22301) requirements will continue to be aligned with organizational goals and are also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & Technology related risks to acceptable levels.

Maplerad limited is committed to providing quality services to our customers, both internal and external, by aligning Information Technology investments with organizational goals. Maplerad limited has aligned its processes and operations to the ISO27001, ISO22301, standards and PCI-DSS requirements to ensure business continuity, cyber resilience, and protection of its information assets and maximization of benefits/returns on IT investments.

It is therefore, Maplerad Limited’s policy to ensure:

• Maplerad limited’s current strategy and Integrated Management Systems (IMS) provide the context for identifying, assessing, evaluating, and controlling information/process/service-related risks through the establishment and maintenance of the IMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with Maplerad limited’s risk management strategy.
• In particular, business continuity and contingency plans, data backup procedures, access control to systems, and information security incident reporting are fundamental to this policy. All employees of Maplerad limited shall have the responsibility of reporting incidents.
• All employees of Maplerad limited and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
• Management is committed to the continual improvement of the IMS in the Organizations.
• Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.