IT Policy

INFORMATION SECURITY POLICY

At Alshehili Company, we are unwavering in our commitment to safeguarding the confidentiality, integrity, and availability of information assets, in compliance with ISO 27001 and NIST standards. We recognize that information security is fundamental to our operations, customer trust, and overall business success.

Our Information Security Policy is built upon the following principles:

  1. Information Asset Protection: We identify and classify information assets based on their sensitivity and criticality. Access to these assets is strictly controlled, and only authorized personnel have permission to access, modify, or transmit them. We employ encryption, authentication, and authorization mechanisms to ensure the protection of sensitive information during storage, transmission, and processing.

  1. Risk Management: We conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities. Mitigation plans are developed and implemented to reduce and manage identified risks effectively.

  1. Compliance with Standards and Regulations: We adhere to ISO 27001 and NIST guidelines, as well as all relevant legal and regulatory requirements pertaining to information security. Our security practices are continuously reviewed and updated to align with industry best practices.

  1. Employee Awareness and Training: We recognize that our employees are a critical component of our security posture. All employees are provided with information security training and are expected to follow security policies and procedures diligently. Reporting of security incidents or breaches is encouraged, and we maintain a culture of transparency and accountability.

  1. Incident Response and Management: In the event of a security incident or breach, we have established incident response procedures to detect, respond to, and recover from such incidents promptly. Lessons learned from incidents are used to improve our security measures continually.

  1. Third-Party Risk Management: We assess the security practices of our third-party vendors and partners to ensure that they meet our security standards and protect our shared information assets.

  1. Security Monitoring and Audit: We implement continuous monitoring and auditing of our information systems and networks to detect and mitigate security threats in real-time. Regular security audits are conducted to assess the effectiveness of our security controls and compliance with policies.

  1. Business Continuity and Disaster Recovery: We have robust business continuity and disaster recovery plans in place to ensure the availability and resilience of our critical systems and data in case of unforeseen events.

This Information Security Policy sets the foundation for our information security program. It is a living document that is regularly reviewed and updated to reflect the evolving threat landscape and changing business requirements. We are committed to maintaining the highest standards of information security to protect our organization and our stakeholders.

By adhering to this policy, we demonstrate our dedication to secure information management, fostering trust among our customers and partners.