Information Security Management System Policy
At KUDO Accounting, we uphold a policy to protect information in all forms—written, spoken, digitally recorded, or printed—from unauthorized modification, destruction, or disclosure, whether accidental or intentional, throughout its entire lifecycle. This commitment aligns with the international standard ISO/IEC 27001:2013. To ensure comprehensive protection, we implement appropriate security measures for equipment and software involved in processing, storing, and transmitting information.
Additionally, our information security risk management practices adhere to the guidelines set forth in the ISO/IEC 27005:2018 standard. By following these internationally recognized methodologies, we prioritize the confidentiality, integrity, and availability of our valuable information assets.
Specifically, the Information Security Management System (ISMS) at KUDO Accounting is based on the requirements of ISO/IEC 27001:2013 and is integrated with our Quality Management System, which adheres to ISO 9001:2015.
The objective of KUDO Accounting is to establish and demonstrate its commitment to maintaining the confidentiality, integrity, and availability of information across its professional services, accounting, financial advisory, and consultancy activities, as well as in the exchange of information both internally and with external parties. This is achieved through a documented business continuity and traceability process that addresses cybersecurity and privacy requirements.
All policies and procedures must be documented and made available to those responsible for their implementation and compliance. All activities identified in the policies and procedures must also be documented. Any documentation, whether in electronic form or otherwise, must be retained for a minimum of six (6) years after its creation or, where it has been amended, for six (6) years after the most recent amendment. Documentation must be periodically reviewed to ensure it remains suitable, with the review schedule determined by the ISO Team at KUDO Accounting.
Each department and/or unit will formulate additional policies, standards, and procedures to explain how this policy and the associated standards apply to it. These guidelines will also address any specific functionality of the information systems used by each department. All departmental policies must comply with this overarching policy. Systems introduced after the effective date of this policy are expected to comply with its provisions from the outset; existing systems are expected to achieve compliance as soon as is feasible and practicable.
Scope
The scope of information security includes protecting the confidentiality, integrity, and availability of all information processed and stored by KUDO Accounting. The methodology for managing information security as outlined in this policy applies to all units, workers, contractors, and other stakeholders involved, as well as to all systems within KUDO Accounting.
This policy, along with all associated standards, applies to all classes of protected information in any form, as defined in the approved Information Classification Matrix at KUDO Accounting.
The Organization’s Policy Aims to:
- Ensure that manuals, policies, procedures, guidelines, and plans are clear and concise, reflecting the commitments KUDO Accounting has made;
- Monitor and analyze performance metrics and make necessary adjustments, as needed, in relation to Information Classification, Incident Management, Risk Management, Business Continuity, Cybersecurity, Privacy, and/or any related topics;
- Educate all employees on information security, cybersecurity, and privacy;
- Ensure effective internal and external communication;
- Foster a team-oriented approach to problem-solving and preventive actions by empowering all employees to be quality ambassadors;
- Implement and monitor the organization's ISMS in the daily culture and practices of KUDO Accounting, as part of our long-term commitment to quality and to protecting the confidentiality, integrity, and availability of information;
- Ensure that senior management regularly meets with the ISMS Team representative to review and ensure the effectiveness of the Information Security Management System;
- Adopt best practices in information security and data protection to safeguard the confidentiality, integrity, and availability of all processed information;
- Ensure compliance with applicable local and international legal and regulatory requirements, continually improving ISMS performance as needed;
- Continuously improve the security and business continuity plan, aiming to enhance ISMS effectiveness and meet ongoing information continuity requirements.
Management Responsibilities:
The management of KUDO Accounting is responsible for ensuring that the Information Security Management System Policy:
- Is appropriate for the organization’s purpose;
- Includes a continuous commitment to improve the effectiveness of the Integrated Management System, ensuring compliance with laws, regulations, administrative guidelines, and applicable standards;
- Establishes a framework for setting and reviewing Information Security Management System objectives;
- Is regularly communicated within management and understood across the organization; and
- Is periodically reviewed to ensure continued suitability.
The ISO Team is responsible for ensuring that the Information Security Management System Policy is reviewed as part of the Management Review Process.
© Copyright 2024 KUDO Accounting. All Rights Reserved.