Information Security Management System (ISMS) Policy

Purpose & Scope

This policy defines Sognos Solutions’ commitment to protecting information assets and managing security risks in compliance with ISO/IEC 27001:2022, the Privacy Act 1988 (Australia), and the Privacy Act 2020 (New Zealand). It applies to all employees, contractors, and third parties handling company information across Australia and New Zealand.

Policy Statement

Sognos Solutions is committed to:

• Safeguarding the confidentiality, integrity, and availability of information assets.
• Meeting all legal, regulatory, and contractual obligations, including Australian Privacy Principles, and New Zealand Privacy Principles.
• Implementing a risk-based approach to prevent unauthorised access, disclosure, alteration, or destruction of information.
• Maintaining business continuity through tested plans and resilience measures.
• Continually improving the ISMS through monitoring, audits, and management reviews.

Objectives

• Ensure compliance with ISO/IEC 27001:2022 and ANZ regulatory requirements.
• Protect sensitive data from cyber threats and breaches.
• Promote security awareness across the organisation.

Responsibilities

• Senior Management: Provide resources and oversight for ISMS implementation.
• All Staff: Comply with ISMS policies and report security incidents promptly.

Review

This policy will be reviewed annually or upon significant changes in business, technology, or regulatory requirements.

 

For any questions please contact us at:
Sognos Solutions Pty Ltd (ABN 53 611 121 870)
Email: contact@sognos.com.au