The NLS Information Security Policy
Welcome to the NLS Information Security Policy page.
Our goal is to safeguard the confidentiality, integrity, and availability of the sensitive data we manage.
This policy outlines how we protect information and ensure its secure handling through our Information Security Management System (ISMS).
Purpose
This policy has been developed to ensure that NLS adheres to best practices for information security, protecting our data and systems from unauthorized access, loss, or damage.
We aim to:
- Maintain the confidentiality of sensitive information.
- Ensure the integrity and accuracy of our data.
- Make sure that authorized personnel can access information when needed.
Scope
This policy applies to all employees, contractors, and third parties who have access to NLS information systems and data.
It covers all forms of data, including:
- Digital information (files, emails, databases)
- Physical data (documents, records)
- Verbal information (conversations, meetings)
Key Principles
To achieve our security goals, NLS adheres to the following key principles:
- Confidentiality: Ensuring that sensitive information is accessible only to those who need it to perform their job responsibilities.
- Integrity: Ensuring that information remains accurate, complete, and unaltered unless authorized.
- Availability: Ensuring that authorized users can access information when needed, without unnecessary delays or interruptions.
Roles and Responsibilities
- Employees and Contractors: All employees and contractors must adhere to the security protocols outlined in this policy and protect the information they handle.
- Information Security Team: Responsible for maintaining the ISMS, conducting regular audits, risk assessments, and training programs.
- Management: Ensures that information security policies are enforced and that necessary resources are provided for security efforts.
Information Security Controls
To protect information, NLS implements the following security controls:
- Access Control: Limiting access to sensitive data based on job roles and responsibilities.
- Encryption: Using encryption methods to protect data both in transit and at rest.
- Monitoring and Logging: Continuous monitoring of systems for suspicious activities and maintaining logs for auditing purposes.
- Incident Management: A structured approach for handling security breaches, including reporting, investigating, and resolving incidents.
Risk Management
NLS continuously assesses potential risks to its information systems and implements controls to mitigate those risks. Risk assessments are conducted regularly to ensure the effectiveness of the ISMS and to identify areas for improvement.
Compliance
We ensure that our information security practices comply with relevant laws, regulations, and industry standards, including:
- GDPR: General Data Protection Regulation
- ISO 27001: Information Security Management Standard
- Other applicable legal and regulatory requirements
Training and Awareness
NLS provides ongoing security training for all employees to raise awareness about information security risks, policies, and best practices. This ensures that everyone is equipped to handle information securely and in line with our policy.
Policy Review and Updates
This policy is reviewed annually and updated as needed to reflect changes in the business environment, regulatory requirements, or technology. Any changes to the policy will be communicated to all employees and stakeholders.
Reporting and Accountability
We encourage all employees and contractors to report any security concerns or incidents.
A clear reporting process is in place to ensure that any potential breaches or vulnerabilities are addressed quickly and appropriately.
The NLS Information Security System
Information Security Management System (ISMS)
NLS Information Security Policy
The NLS Tech Solutions (NLS) ISMS covers all aspects of our software development, consulting, and systems integration services within the financial services industry. NLS is committed to establishing, implementing, maintaining, and continually improving its information security management system, which is designed to meet the requirements of ISO/IEC 27001:2022.
At NLS, we understand that our clients, partners, and employees entrust us with their sensitive information. This policy sets out the principles and practices that NLS has put in place to safeguard the confidentiality, integrity, and availability of the data and information assets in our care.
Our information security strategy is anchored on three core principles:
Confidentiality: We will employ rigorous measures to ensure that sensitive information remains accessible only to those with the proper authorization.
Integrity: All information and systems must be accurate, complete, and protected against any unauthorized changes.
Availability: Authorized users have access to information and systems they need, whenever they need them, to ensure smooth business operations.
NLS is fully committed to complying with all relevant laws, regulations, and contractual agreements related to information security.
This policy, and our information security program, will be guided by objectives to be set out at relevant business functions and the following overarching objectives:
- To protect information and information assets,
- To ensure seamless business continuity, and
- To continually strengthen our security.
This policy shall be updated every three years to reflect changes in the threat landscape and best practices or when significant changes occur.
This policy is accessible to all employees and, where appropriate, will be shared with relevant external interested parties.
Contact Us
For any concerns regarding our Information Security Policy, please reach out to our Information Security team at:
Phone: +254 701 122 281
Email: sales@nlske.com