Information Security Policy

ISO 27001

Policy Statements

Telesom is committed, in accordance with the company purpose and values, to maintaining and improving information security and minimizing exposure to risk within the telco, in order to provide a secure and quality service to our customers.

It is Telesom’s policy therefore to ensure that:

  • Information security risks will be maintained at an acceptable level.
  • Risks resulting from organizational, physical, environmental and emerging technological changes and the use of 3rd parties will be assessed and appropriately managed.
  • The confidentiality of corporate and customer information will be assured. Sensitive information will be protected against unauthorized access and the integrity of information will be maintained. Information will only be made available to authorized business processes, employees, suppliers and other interested parties as and when required. The requirements of interested parties (including regulatory, contractual and legal requirements) will be met;
  • The protection of information will be considered when business continuity plans for mission critical activities are produced, maintained, tested or invoked;
  • Information security awareness and training will be made available to all employees and suppliers as appropriate;
  • All breaches of information security will be reported and investigated following the existing incident management process.

To support this policy:

  1. Telesom has established an Information Security Management System (ISMS) which incorporates a formal and systematic approach to information risk management. The ISMS identifies business needs and the needs of interested parties with regard to information security requirements (including contractual, regulatory, data protection and any other relevant requirements) and creates an effective operational security framework.
  2. Information Security objectives shall be set every three years, supported by a set of key performance indicators cascaded through the Balanced scorecard. These measures shall be reported to the Steering Committee and Management Review on a quarterly basis.
  3. Telesom management shall ensure the continual improvement of the ISMS. Continual improvement shall be continuously reviewed by management and the need for any change communicated to all employees.
  4. Telesom shall fully comply with and certify to the IEC/ISO 27001:2013 standard for information security.


Roles and Responsibilities

  • All company employees, 3rd Party and contracted staff have the responsibility of knowing, understanding and adhering to the Information Security Policy.
  • Network and Information Security together with the Human Resource Department is responsible for communicating the Information Security Policy to all new and existing company employees.
  • The ISMS Manager is responsible for developing and reviewing the policy every two years or whenever a significant change occurs.
  • Risk owners shall be responsible for the implementation and maintenance of the requirements of this policy, commensurate with the value of information assets they own and the risks to which they are exposed.
  • For New Products & Systems, project managers will be responsible for the delivery and implementation of the requirements of this policy, commensurate with the value of information assets (whose delivery they are responsible for) and the risks to which they are exposed.
  • Line Managers will assist in:
    • making sure that employees know and apply this policy
    • helping, advising and checking that their employees observe this policy
    • taking all measures to enforce the requirements of this policy


Enforcement

  1. It is mandatory that all those who work for Telesom, whether as employees, contractors, consultants, or suppliers, adhere to this policy, and sub-policies, standards, guidelines, or procedures derived from it.
  2. The information security risk posture of every business process and location will be regularly assessed and advised to management by the Network and Information Security Department.
  3. There shall be an independent review of the management and use of information assets throughout the organization by Internal Audit.
  4. Violation of this policy will result in disciplinary action in accordance with the Human Resource Manual.
  5. Additionally, individuals are subject to loss of Telesom Information Resources access privileges and to civil and criminal prosecution.