Information Security Policy

NexTap Information Security Objectives:

At NexTap, we recognize the critical importance of protecting information assets from both internal and external threats that could compromise the confidentiality, integrity, and availability of data. Our Information Security Policy outlines our commitment to ensuring a secure working environment and maintaining the confidentiality, integrity, and availability of information exchanged internally and externally with customers, partners, and other business stakeholders.

People First - Asset Management:

We prioritize the security of our key resources - our people. Proper asset management practices will be employed to safeguard information and ensure its appropriate use.

Risk Management:

We will identify and minimize potential threats that could adversely impact NexTap's business operations.

Secure Working Environment:

NexTap will maintain a secure working environment encompassing physical, software, and hardware aspects to mitigate risks effectively.

Information Access Control:

We will implement well-defined internal and external access controls to ensure that information is accessible only to authorized individuals on a need-to-know basis.

Regulatory Compliance:

NexTap is committed to meeting and maintaining regulatory compliance relevant to our business operations.

Continuous Improvement:

We aim to continually improve our information security measures by defining and implementing corrective actions based on identified areas for improvement.

Business Continuity:

Maintaining business continuity is of paramount importance, and we will develop and test recovery plans to address security incidents and minimize their impact.

Principles of Information Security Policy:

Confidentiality:

We will ensure the confidentiality of information and prevent unauthorized access and misuse.

Integrity:

NexTap will maintain the integrity of information to ensure its accuracy and relevance over time.

Availability:

Information and information systems will be made available to stakeholders in alignment with business needs.

Understanding Stakeholder Needs:

We will build relationships with stakeholders and maintain open communication to understand their context, needs, and expectations.

Risk Assessment:

Regular identification, analysis, and assessment of information security risks will be conducted to proactively address potential threats.

Risk-Based Decision-Making:

Decisions and actions will be based on the results of information security risk assessments.

Awareness and Training:

Employees will receive information security awareness, education, and training to enhance their understanding of best practices.

Compliance:

NexTap will apply information security measures to comply with legal, regulatory, contractual, and other relevant requirements.

Continuous Improvement:

We will establish measurable goals and monitor the performance of our information security measures for continuous improvement.

Incident Reporting and Response:

Security threats will be promptly reported to the ISO management of the company, and appropriate actions will be taken to address incidents and reduce risks.

Recovery and Business Continuity:

NexTap will develop, maintain, and test recovery plans to mitigate the consequences of security incidents and ensure business continuity.

In line with these obligations, NexTap will maintain a functional and effective Information Security Management System adhering to the requirements of the international standard ISO/IEC 27001:2013.