Information Security Policy

Effective Date: 05/05/2025

Version: 1.0

1. Objective

The purpose of this Information Security Policy is to establish a structured framework for protecting the confidentiality, integrity, and availability of DealnoX Tech’s information assets. It supports the implementation of an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 standard.

2. Scope & Applicability

This policy applies to:

  • All Dealnox Tech employees, contractors, vendors, and third-party users

  • All systems, applications, networks, data, and physical facilities owned or operated by Dealnox Tech

  • Any entity conducting business on behalf of Dealnox Tech that accesses our information assets

3. Commitment to Information Security

Delanox Tech is committed to:

  • Implementing and maintaining an ISO 27001-compliant ISMS

  • Meeting all relevant legal, regulatory, and contractual obligations

  • Ensuring confidentiality, integrity, and availability of data

  • Evaluating and mitigating risks to corporate assets (tangible, intangible, human)

  • Establishing and testing business continuity and disaster recovery plans

  • Promoting a safe and secure work environment for all personnel

  • Applying privacy and data protection standards in line with applicable laws

  • Providing regular information security training for all staff

4. Roles & Responsibilities

  • Executive Management oversees overall compliance and strategic direction

  • ISMS Steering Committee enforces policies and evaluates violations

  • Department Managers ensure ongoing policy adherence in their areas

  • All Staff must understand and comply with this policy and report concerns

5. Policy Enforcement

  • Compliance is mandatory for all users and departments.

  • Violations may result in disciplinary actions, including termination.

  • The severity of the violation will determine the level of enforcement.

6. Waiver Process

  • Requests for exceptions must be submitted in writing to Executive Management.

  • Each waiver must include a valid justification and defined time limit (max: 1 year).

  • Waivers may be extended up to 3 consecutive terms, but not beyond.

7. Policy Review & Updates

  • This policy will be reviewed annually or as needed based on business or regulatory changes.

  • All updates require approval from the Change Advisory Board (CAB) or during Management Review Meetings.

  • A change log must be maintained to document all revisions.

  • Any deficiencies or concerns must be reported to the Information Security Manager (ISMR) promptly.