Information Security Policy

Information Security Policy

 

1    Introduction

We are committed to maintaining and preserving the confidentiality, integrity, and availability of information within a secure system. This system allows registered clients to access only their own data, with restricted access for Perivan staff involved in operational processes.

Our Customer Success team operates exclusively from the office at 21 Worship Street, while software development is restricted to transparently.tech Limited, registration number SC682700, International House, 38 Thistle Street, Edinburgh, United Kingdom, EH2 1EN. Both teams provide remote support within controlled environments.

This policy is supported by several topic-specific policies that address specific areas of information security, including access control, incident management, business continuity, and data protection. While the system is largely electronic, this policy also extends to the general security of premises and business continuity in exceptional circumstances.

The purpose of this policy is to establish a framework for managing information security in alignment with ISO 27001:2022. This policy ensures compliance with applicable legal, regulatory, and contractual requirements, while supporting continual improvement of our Information Security Management System (ISMS).

 

2    Information Security Objectives Framework

We establish information security objectives at relevant functions and levels to ensure the effectiveness of our ISMS. These objectives:

  • Are consistent with this Information Security Policy.
  • Are measurable where practicable.
  • Consider applicable information security requirements, risk assessment outcomes, and risk treatment plans.
  • Are monitored regularly to track progress.
  • Are communicated across relevant levels of our organisation.
  • Are updated as appropriate to reflect changes in risks, business needs, and regulatory requirements.
  • Are documented and maintained for reference.

When planning how to achieve these objectives, we determine:

  • What actions will be taken to meet the objectives.
  • The resources required to achieve the objectives.
  • The individuals responsible for implementation.
  • The timeline for completion.
  • How results will be measured and evaluated for effectiveness.

 

3    Our Commitments

We are committed to:

  • Meeting applicable legal, regulatory, and contractual requirements related to information security.
  • Continually improving our ISMS to address emerging threats and evolving business needs.
  • Ensuring that information security considerations are integrated into business processes.

 

4    Policy Communication and Availability

This policy is communicated within our organisation and made available to interested parties as appropriate. It is reviewed periodically to ensure continued effectiveness and relevance.

 

5    Approval and Review

Approved by: Vera Drozdova

 

Date: 17.03.2025

Next Review Date: 17.03.2026