Information Security Policy
1. INTRODUCTION
Our Information Security Policy defines the direction and support for information security in alignment with business requirements, applicable laws and regulations, and the ISO/IEC 27001 standard.
At Cordros Capital Limited, we manage sensitive client, financial, and operational data. This policy establishes the principles for protecting the confidentiality, integrity, and availability of our information assets. It forms the foundation for implementing and continuously improving our Information Security Management System (ISMS), ensuring that risks are effectively managed and stakeholder trust is maintained.
1.1 PURPOSE
The policy outlines our security principles, objectives, and governance structures to ensure robust protection of information assets, preserve stakeholder confidence, and support the organisation's sustainable growth in an evolving digital landscape.
Top management is fully committed to embedding security into every aspect of Cordros Capital Limited’s operations, fostering a culture where security is a shared responsibility and a driver of business excellence. We are dedicated to proactive risk management, continuous improvement, and the strategic alignment of security practices with our business objectives, empowering us to navigate emerging threats and confidently leverage new opportunities.
1.2 POLICY STATEMENT
Cordros Capital Limited is committed to safeguarding the confidentiality, integrity, and availability of all information assets entrusted to us by our clients, partners, employees, and stakeholders. Protecting information is fundamental to maintaining trust, supporting our business objectives, and delivering exceptional financial services. We are also fully committed to continually improving our information security management systems in line with ISO 27001.
1.3 SCOPE
This policy applies to all systems, individuals, and processes that comprise the organisation’s information systems, including board members, directors, employees, vendors, and other third parties with access to Cordros Capital Limited’s information assets.
2. INFORMATION SECURITY MANAGEMENT SYSTEM POLICY
2.1 INFORMATION SECURITY OBJECTIVES
Based on the requirements and issues set out in this document, the following major objectives are set for information security:
- Attain and surpass governance, regulatory, legal, and compliance requirements.
- Ensure risks are effectively managed.
- Ensure consistent and effective processes are implemented for reporting, resolving, and closing incidents to minimise risks.
- Ensure information assets achieve appropriate protection based on the associated business risk.
- Reduce organisational costs by effectively implementing policies, plans, and procedures.
The success of the ISMS will be judged on its ability to meet these overall objectives. More information on the Cordros information security objectives is documented in the CCL-ISMS-PLN-06-3 InfoSec Objectives and Plan documents.
2.2 COMMITMENT TO SATISFY APPLICABLE REQUIREMENTS
Cordros Capital Limited is dedicated to meeting all relevant information security requirements. This commitment encompasses adherence to industry standards, legal obligations, regulatory frameworks, and contractual agreements.
We recognise the importance of complying with applicable laws, regulations, and other requirements to ensure the protection, confidentiality, integrity, and availability of information assets entrusted to us. To uphold this commitment, we will:
- Regularly assess and monitor changes in applicable laws, regulations, and standards related to information security.
- Implement and maintain controls and measures to ensure compliance with identified requirements.
- Provide necessary resources, training, and support to enable all employees to understand and fulfil their responsibilities in meeting these requirements.
- Continuously improve our information security management policies, systems, and processes to align with evolving legal, regulatory, security, and risk landscapes.
By adhering to these principles, we demonstrate our dedication to maintaining a robust and compliant information security posture and safeguarding our organisation's and stakeholders' interests.
2.3 CONTINUAL IMPROVEMENT OF THE ISMS
Cordros Capital Limited's policy regarding continual improvement is to:
- Continually improve the effectiveness of the ISMS.
- Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001 and related standards.
- Achieve ISO/IEC 27001 certification and maintain it on an ongoing basis.
- Increase the level of proactivity (and stakeholder perception of proactivity) concerning information security.
- Make information security processes and controls more measurable to provide a sound basis for informed decisions.
- Review relevant metrics annually to determine if adjustments are needed based on historical data.
- Obtain ideas for improvement via regular meetings and communication with interested parties.
- Review ideas for improvement at management meetings to prioritise and assess timescales and benefits.
Ideas for improvements may come from any source, including employees, customers, vendors, IT staff, risk assessments, and service reports. Once identified, they will be recorded and evaluated as part of management reviews.
3. CONCLUSION
This Information Security Policy reflects Cordros’ unwavering commitment to protecting the confidentiality, integrity, and availability of its information assets. By adhering to the principles outlined in this policy and complying with applicable laws, regulations, and industry standards, we ensure the continued resilience of our operations and the trust of our stakeholders.
All employees, contractors, and third parties are expected to understand, support, and uphold this policy and related topic-specific policies as part of their responsibilities. Regular reviews and continuous improvements will be conducted to keep the policy relevant and effective in addressing evolving security threats.
Together, we will maintain a robust security posture and safeguard Cordros Capital Limited's reputation and future growth through collective vigilance and shared accountability.
