Information Security Management System (ISMS)

Parthian Technologies' (the “Company” or “Parthian”) commitment to information security is provided for in its Information Security Policy (the “Policy”). Information security is aligned with the organization’s business goals and will take into account the internal and external issues affecting the organization and the requirements of interested parties.

SCOPE

This policy applies to all top management, staff, contractors, and third-party employees under contract, who have any access to, or involvement with, the business processes, information assets, and supporting IT assets and processes covered under the scope of ISMS.

ISMS POLICY

  •  Parthian is committed to the development and maintenance of an Information Security Management System (“ISMS”) and has developed this Policy to:
    Provide a framework by which the confidentiality, integrity, and availability of the Company’s information assets can be maintained.
  • Employees are to comply with the policy and to be adequately trained in the
    Company’s standards and security procedures.
  • Ensure that all breaches of information security are reported, investigated,
    and appropriate action is taken where required.
  • Ensure that supporting ISMS policies and procedures are regularly reviewed
    and continual improvement is maintained to ensure progressive good
    working practices and procedures.
  • Optimize the management of risks, by preventing and minimizing the impact
    of Information Security incidents.
  • Ensure that all legal and regulatory standards are met.

Occasionally the Information Security Policy adopted will have to be updated to keep up with the most current regulations. When that happens, we will be sure to keep you informed and give you the links explaining the content of the changes. To complement the ISMS Policy, policies, principles, procedures, and guidelines for the Company will be made available in both print and online forms through an intranet system.

Information Security Requirements

With the internal business and cloud service clients, a precise criteria of information security requirements will be agreed upon and maintained, and all ISMS work will be focused on meeting those criteria. Legislative, regulatory, and contractual agreements will also be documented and included into the planning process.
The Company’s ISMS' key idea is that controls are implemented in response to business needs, which will be conveyed to all employees via team meetings and briefing documents on a regular basis.

Human Resources

Based on proper education, training, abilities, and experience, the Company will ensure that all personnel involved in information security are competent. The required skills will be determined and assessed on a regular basis, as well as an assessment of current skill levels within the Company. Training requirements will be identified, and a strategy will be implemented to guarantee that the appropriate skills are in place.
The HR department will keep track of training, education, and other necessary data to
document individual skill levels.

Roles and Responsibilities

The table below lists the roles with the overall responsibility for information security: