Funds and Electronic Transfer Solutions Limited is committed to protecting the security and privacy of information in the face of security breaches and unwanted events, and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2022, the international standard for information security; PCI-DSS 3.2.1, the Payment Card Industry Data Security Standard; and the NDPR, Nigeria Data Privacy Protection
The management of Funds and Electronic Transfer Solutions Limited is committed to ensuring:
- Information will be protected against unauthorised access and processing in accordance with its classification level. Access to information will therefore be granted on the basis of least privilege and need to know.
- Confidentiality, Integrity and Availability of information for business processes will be assured and maintained.
- Legislative and regulatory requirements will be met.
- Information security training will be available for all employees.
- Staff with particular responsibilities for information must ensure the classification of that information; must handle that information in accordance with its classification level; and must abide by any contractual requirements, policies, procedures or systems for meeting those responsibilities.
- All actual or suspected information security breaches will be reported to the risk team and will be thoroughly investigated.
- Procedures and guidelines will be developed and maintained to support the information security policy, including access control measures, passwords and physical security.
- Business continuity and disaster recovery plans are developed, maintained and tested.
- All users covered by the scope of this policy must handle information appropriately and in accordance with its classification level.
- Information security provision and the policies that guide it will be regularly reviewed, including through the use of annual internal audits.
Compliance with the Information Security Policy is mandatory, and all managers are directly responsible for implementing the policy and ensuring staff compliance in their respective departments.
ISO/IEC 27001 Information Security Management Systems Certification (ISMS) Objectives
Based on the requirements and factors set out in this document, the following major objectives are set for information security:
- Objective 1 – Provide 85% assurance of information systems resilience
- Objective 2 – Ensure 100% adherence annually to regulatory and legal requirements that pertain to Information security
- Objective 3 – Ensure 99% confidentiality, integrity and availability of all critical assets and business processes
- Objective 4 – Improve skill capability annually by 80% for Information Security Resources