Telesom is committed in accordance with the company purpose and values to maintaining and improving information security and minimizing exposure to risk within the telco to provide a secure and quality service to our customers.

It is Telesom’s policy therefore to ensure that:

1. Information security risks will be maintained at an acceptable level 
2. Risks resulting from organizational, physical, environmental and emerging technological changes and the use of 3rd parties will be assessed and appropriately managed. 
3. The confidentiality of corporate and customer information will be assured. Sensitive information will be protected against unauthorized access and the integrity of information will be maintained. Information will only be made available to authorized business processes, employees, suppliers and other interested parties as and when required. The requirements of interested parties (including regulatory, contractual and legal requirements) will be met; 
4. The protection of information will be considered when business continuity plans for mission critical activities are produced, maintained, tested or invoked; 
5. Information security awareness and trainings will be made available to all employees and suppliers as appropriate.
6. All breaches of information security will be reported to and investigated by following the existing incident management process.

To support this policy:

1. Telesom has established an Information Security Management System (ISMS) which incorporates a formal and systematic approach to information risk management. The ISMS identifies business needs and the needs of interested parties with regards to information security requirements (including contractual, regulatory, data protection and any other relevant requirements) and create an effective operational security framework.
2. Information Security objectives shall be set every three years, supported by a set of key performance indicators cascaded through the Balanced scorecard. These measures shall be reported to the Steering Committee and Management Review on a quarterly basis.
3. Telesom management shall ensure the continual improvement of the ISMS. Continual improvement shall be continuously reviewed by management and the need for any change communicated to all employees.
4. Telesom shall fully comply with and certify to the IEC/ISO 27001:2013 standard for information security.