Information Security Policy

As a modern, forward-looking business, Mizzen Digital recognises at senior levels the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders and other stakeholders.

Mizzen Digital is committed to carry out its activities adopting appropriate information security protocols and policies that ensure the confidentiality, integrity, availability, authenticity and non-repudiation of user data and information

In order to provide such a level of continuous operation, Mizzen Digital has implemented an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001. This standard defines the requirements for an ISMS based on internationally recognised best practice.

Mizzen Digital has decided to maintain full alignment with ISO/IEC 27001 requirements in order that the effective adoption of information security best practice may be validated by an independent third party, a Registered Certification Body (RCB). In addition, the guidance contained in the codes of practice ISO/IEC 27017 and ISO/IEC 27018 has been adopted as these have particular relevance for Cloud Service Providers (CSPs).

In accordance with ISO/IEC 27001 the reference controls detailed in Annex A of the standard are adopted where appropriate by Mizzen Digital. These are reviewed on a regular basis in the light of the outcome from risk assessments and in line with information security risk treatment plans.

In addition, enhanced and additional controls from the following codes of practice are adopted and implemented where appropriate:

• ISO/IEC 27002 – Code of practice for information security controls
• ISO/IEC 27017 – Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27018 – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

This policy applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Mizzen Digital systems.

It is a fundamental principle of the Mizzen Digital Information Security Management System that the controls implemented are driven by business needs and this is regularly communicated to all staff through team meetings and briefing documents.