Information Security Policy - Key Points for Staff Compliance (ISO 27001:2022)

As part of our commitment to ensuring the highest levels of information security and aligning with the ISO 27001:2022 standard, we are implementing key security measures across the company. Please review the following critical points of our Information Security Policy, which all staff members are required to follow to maintain the confidentiality, integrity, and availability of our information assets.

Key Points of the Information Security Policy:
  1. Information Security Responsibilities:
    • All employees must protect sensitive information from unauthorized access, modification, or disclosure.
    • Designate clear roles for information security at all levels of the organization.
  2. Data Protection:
    • Handle personal data and sensitive information in accordance with legal requirements and the company’s data protection protocols.
    • Always store, process, and transmit data securely.
  3. Access Control:
    • Access to information systems and data will be granted based on job responsibilities.
    • Use strong passwords and ensure accounts are locked when not in use.
  4. Incident Reporting:
    • Report any information security incidents, suspicious activity, or potential breaches immediately to the IT security team.
    • Follow incident response procedures for a quick resolution.
  5. Employee Awareness & Training:
    • Participate in regular training sessions to stay updated on security threats and best practices.
    • Familiarize yourself with our company’s security policies and procedures.
  6. Network Security:
    • Use company-approved devices and networks to access corporate information systems.
    • Ensure all devices are protected by up-to-date antivirus software and firewalls.
  7. Physical Security:
    • Secure physical access to company premises and ensure workstations are not left unattended.
    • Lock away sensitive documents and electronic devices when not in use.
  8. Business Continuity:
    • Understand and follow the business continuity plan to ensure that critical services remain operational in case of an emergency.
  9. Compliance:
    • Comply with applicable laws, regulations, and internal security policies related to information protection.

Conclusion: It is essential that all employees adhere to these principles to protect our organization and clients from potential security risks. Together, we can ensure that our information assets remain secure and that we are compliant with ISO 27001:2022 standards.

This policy is communicated, implemented and maintained at all levels throughout the BIM Advanced Technology Service. It is reviewed annually and revised to ensure its continuing suitability, relevance and adequacy, and is available to external interested parties, including the public, upon request.

All company employees, visitors and external providers are required to comply with the terms of this policy when on company premises or carrying out work on behalf of the company.

Established on 5-Jun-2021
Revised on 30-Jun-2021
Zay Yar Phyoe
Managing Director, BIM Group of Companies
