Get in Touch

Information Security Policy

 

Effective Date: JANUARY 25, 2025

At Excelsum Development Corporation (“Excelsum”), we are committed to safeguarding the confidentiality, integrity, and availability of all data and information assets under our control. This Information Security Policy outlines our approach to protecting sensitive information, ensuring compliance with applicable laws and regulations, and maintaining the trust of our clients, employees, and stakeholders.

  1. Purpose

The purpose of this policy is to:

  • Protect Excelsum’s information assets against unauthorized access, disclosure, alteration, and destruction.
  • Ensure compliance with legal, regulatory, and contractual obligations.
  • Maintain the trust and confidence of clients, partners, and stakeholders.
  • Provide a framework for identifying and managing information security risks.
  1. Scope

This policy applies to all employees, contractors, consultants, and third-party service providers who access or handle Excelsum’s information assets, including but not limited to:

  • Electronic data
  • Physical documents
  • IT systems and infrastructure
  1. Information Security Objectives

Excelsum’s key information security objectives include:

  1. Ensuring the confidentiality of client, employee, and company data.
  2. Preventing unauthorized access to information systems.
  3. Protecting data integrity by preventing unauthorized modifications.
  4. Ensuring the availability of information systems to authorized users.
  5. Roles and Responsibilities

4.1 Management:

  • Establish and enforce information security policies and procedures.
  • Provide the necessary resources to implement and maintain this policy.
  • Monitor compliance and address violations.

4.2 Employees and Contractors:

  • Comply with this policy and related procedures.
  • Report security incidents promptly.
  • Protect login credentials and access permissions.

4.3 IT Department:

  • Implement and maintain technical security controls.
  • Monitor network activity and system performance for potential threats.
  • Respond to and mitigate security incidents.
  1. Information Security Measures

5.1 Access Control:

  • Limit access to information and systems based on the principle of least privilege.
  • Use strong authentication mechanisms, such as multi-factor authentication, where applicable.

5.2 Data Protection:

  • Encrypt sensitive data in transit and at rest.
  • Regularly back up critical data and test the recovery process.

5.3 Network Security:

  • Use firewalls, intrusion detection/prevention systems, and anti-malware software to protect IT infrastructure.
  • Conduct regular vulnerability assessments and penetration testing.

5.4 Physical Security:

  • Restrict access to data centres and sensitive areas to authorized personnel only.
  • Use secure storage for physical documents containing sensitive information.

5.5 Incident Management:

  • Establish a process for identifying, reporting, and responding to security incidents.
  • Conduct post-incident reviews to identify root causes and implement corrective actions.
  1. Employee Awareness and Training

Excelsum will provide regular training and awareness programs to:

  • Educate employees on information security best practices.
  • Promote awareness of phishing, social engineering, and other common threats.
  • Ensure compliance with this policy and related procedures.
  1. Third-Party Vendors and Contractors

Excelsum requires third-party vendors and contractors to:

  • Comply with this policy and other contractual security requirements.
  • Implement appropriate security measures to protect Excelsum’s information assets.
  • Report any security incidents involving Excelsum data immediately.
  1. Compliance and Monitoring
  • Excelsum will regularly monitor and audit its information security practices to ensure compliance with this policy and relevant laws and regulations.
  • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.
  1. Policy Review and Updates

This policy will be reviewed and updated annually or as required to address new risks, technologies, or business processes.

  1. Reporting Security Incidents

All employees, contractors, and third parties must report suspected or actual security incidents to the IT Department immediately via:

📞 +233 303 981 737
📧 security@excelsumcorp.com

  1. Contact Information

For questions or concerns regarding this policy, please contact:

Excelsum Development Corporation
Ecowas Highway, Ashongman Estates, Accra, Ghana
📞 +233 303 981 737
📧 info@excelsumcorp.com
🌐 www.excelsumcorp.com

By adhering to this Information Security Policy, Excelsum Development Corporation ensures the continued protection of its information assets and the trust of its clients and stakeholders.