ISMS and BCMS Policy Statement

The Board and Management of ITSM Technologies Limited, located at suite 121, 1st floor Oshopey plaza, 17/19 Allen Avenue, Ikeja Lagos is committed to preserving the Confidentiality, Integrity and Availability of all the physical and electronic information assets and customer information throughout the organization, in order to preserve its assets, legal as well as contractual obligations, compliance and reputation with the aim of continually surpassing our stakeholders’ expectations while addressing all Business Continuity requirements

Information security and business continuity requirements will continue to be aligned with organizational goals, objectives , the Information Security Management System (ISMS) and the Business Continuity Management System(BCMS) which is intended to be an enabling mechanism for information processing, transmitting , sharing, storage, recovery, electronic operations and reducing information related risks to an acceptable level.

It is our policy to ensure that:

  • The organization’s current strategy, Risk Management Policy provides the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of the ISMS and BCMS.
  • Incident Management Plans, Business Continuity Plans shall be periodically tested and reviewed to ensure they remain current and relevant as well as enable staff to understand and exercise the plans. It shall be responsibility of management to plan and test their Plans. All employees of ITSM Technologies Limited shall have the responsibility of reporting information security breaches and other incidents.
  • All employees of ITSM Technologies Limited and external parties identified in the ISMS and BCMS are expected to comply with this policy. Appropriate training and awareness shall be provided for all staff whenever necessary.
  • The Chief Technology Officer (CTO) is the owner of this document and is responsible for ensuring that this policy document is reviewed and reapproved by the Board at least annually or in the event of major changes and/or incidents in the operating environment.
  • A current version of this document is available to all members of staff on the shared drive. This policy is issued on a version-controlled basis under the signature of the Chief Operating Officer (COO).
  • Any breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.