ISMS Policy Statement

The Board and Management of CeLD Innovations Ltd is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the organization. This commitment extends to preserving the organization’s reputation, legal standing, regulatory compliance, and contractual obligations.
CeLD’s Information Security Management System, aligned with ISO/IEC 27001:2022, provides the context for identifying, assessing, evaluating, and controlling information security risks through systematic risk management processes. The risk assessment and risk treatment plan captures how identified risks are controlled in alignment with CeLD’s enterprise risk management strategy.
Key Commitments:
1. Risk Management: CeLD’s current strategy and ISMS provide the framework for managing information security risks through establishment and maintenance of appropriate controls. Risk assessments are conducted regularly to identify emerging threats and vulnerabilities.
2. Critical Controls: Data backup procedures, access control mechanisms, and information security incident reporting are fundamental to protecting organizational assets. All employees have the responsibility to report incidents promptly.
3. Compliance and Training: All employees and identified external parties must comply with this policy. All staff and relevant external parties will receive appropriate information security awareness training and must provide evidence of completion.
4. Continuous Improvement: The ISMS is subject to continuous and systematic review with improvements adopted where necessary to maintain its effectiveness and alignment with business objectives.
5. Breach Response: Any breach of this policy or security controls may warrant disciplinary measures, up to and including termination of employment or contract, as well as legal action in line with the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 and other applicable laws.

It is, therefore, CeLD’s policy to ensure:
● CeLD’s current strategy and Information Security Management Systems (ISMS) provides the context for identifying, assessing, evaluating and controlling information/process/service-related risks through establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with CeLD’s risk management strategy.
● In particular, business continuity and contingency plans, data backup procedures, access control to systems and information security incident reporting are fundamental to this policy. All employees of CeLD shall have the responsibility of reporting incidents
● All employees of CeLD and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
● The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.
● Management is committed to the continual improvement of the ISMS in the Organizations.
● Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition and Prevention Act 2024.