Last Updated (29/05/2023)

Ingenuous Pty Ltd is committed to implementing an Information Security Management System (ISMS) to ensure information systems are appropriately protected from loss of confidentiality, integrity, and availability.

This document provides an overview of requirements of Ingenuous Pty Ltd management and employees regarding information security. It identifies the requirements for an effective information security management system, sets objectives and provides the overall view of management regarding information security.

Our commitment is to ensure that Ingenuous Pty Ltd:

• Implements and maintains an effective and auditable Information Security Management System.
• Maintains appropriate systems to ensure integrity and protection against unauthorised alteration or destruction.
• Employees and users of Ingenuous Pty Ltd systems have timely and reliable access to information and services.
• Promotes security of information and information systems.
• Employees understand the importance of information security and comply with all policy, procedures and standards regarding information and information assets.
• Aligns risk assessment practices relating to the ISMS with the Ingenuous Pty Ltd Risk Management Framework.
• Implements controls for identified risks, threats and vulnerabilities.
• Sets a baseline for information security and continues to improve the management system.
• Complies with statutory, legislative and government direction regarding information security.

The following principles underpin this policy statement:

• Alignment and compliance with requirements of ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems
• Annual attestation of compliance to ISO/IEC 27001:2013 Information Security Management System