Information Security Policy
AFEX places great importance on maintaining the confidentiality, integrity, and availability of its data, and as a result, devotes significant resources to ensure the security of its information systems. We understand the critical role of information security in supporting business and customer services, contributing to operational and strategic business decisions, and conforming to legal and statutory requirements.
To ensure uninterrupted operation for the benefit of our customers, shareholders, and other stakeholders, AFEX is implementing an information security management system that aligns with the international standard for information security, ISO/IEC 27001. This system encompasses all systems, people, and processes that constitute the organization's information systems, including board members, directors, employees, suppliers, and other third parties with access to AFEX systems.
In addition to our information security policy, AFEX has developed several supporting policies that provide additional information on how the information security policy is applied.
- Teleworking Policy
- Access Control Policy
- Mobile Device Policy
- Physical Security Policy
- Cryptography Policy
- Communication Policy
- Secure Software Development Policy
- Business Continuity Management Policy
- Information Security Compliance Policy
- Asset Management Policy
- Anti-Malware Policy
- Network Security Policy
- Data Protection Policy
- Talent Management Security Policy
Each of these policies has been defined, approved, and communicated to the appropriate audiences within and outside of the organization. AFEX continuously evaluates and improves its policies, procedures, and information systems to keep up with evolving threats and best practices. We believe that information security is a shared responsibility, and we encourage all employees and stakeholders to report any security incidents or concerns. By working together, we can protect our organization and the data we handle, ensuring that we meet our obligations to our customers, shareholders, and other stakeholders.