Our top management commits to establishing and operating the ISO/IEC 27001 standard in a manner that fulfills the organization’s objectives and policies within the ISMS framework by complying with all of its requirements. Furthermore, we pledge to allocate the necessary resources and infrastructure investments to comply with the Information Security Management System, continuously improve the effectiveness of the process, and ensure that all employees understand this policy.

The purpose of this Information Security Policy is to:

1. Protect Information Assets: Safeguard information assets against internal or external threats and prevent unauthorized access.

2. Confidentiality and Integrity of Information: Preserve the confidentiality and integrity of information, preventing unauthorized alterations or disclosures.

3. Accessibility: Provide access to information as required and maintain business processes.

4. Legal Compliance: Act in accordance with relevant legal regulations and legislation.

5. Business Continuity: Develop, implement, and test business continuity plans.

6. Information Security Training: Ensure the participation of all employees in information security training and promote awareness.

7. Risk Management: Conduct risk analysis, assess risks, and take necessary precautions.

8. Incident Reporting: Report information security incidents and ensure their investigation.

9. Business Requirements: Meet business requirements and support information systems.

10. Continuous Improvement: Periodically review the effectiveness of the Information Security Management System and ensure the timely implementation of necessary improvements.

INFRANET reiterates its commitment to implement and maintain this policy and reaffirms its dedication to fulfilling its responsibilities in information security. This policy provides a fundamental framework for guiding and securing INFRANET’s information security practices.”