Security Policy - PhoenixDX

As a modern, forward-looking business, PhoenixDX recognises at senior levels the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders and other stakeholders. In order to provide such a level of continuous operation, PhoenixDX has implemented an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001. This standard defines the requirements for an ISMS based on internationally recognised best practice. The following supporting documents are relevant to this information security policy and provide additional information about how it is applied: Access control Asset management Communications and operations security Human resources security Information systems acquisition, development and maintenance Physical and environmental security We dont just rely on written security policies or standards when it comes to information security. We also uphold the confidentiality, integrity and availability of information through safeguarding our technological assets and resources. Measures include, but are not limited to: Antivirus and anti-malware software Desktop and laptop full disk encryption Monitoring and detection systems Training and awareness programs In the face of ever-changing attack methods, we are constantly updating information, guidance and training for PhoenixDX employees. Raising awareness of threats to data privacy and information security is an ongoing and dynamic process. This includes mandatory training that is regularly updated for professionals in each PhoenixDX service line, as well as various activities to raise awareness across the organization. Business continuity and disaster recovery Our dedication to safeguarding organization and customer data is illustrated through our disaster recovery and business continuity capabilities. We are committed to ensuring PhoenixDXs people, business processes, offices, applications and data are protected in the event of a catastrophic event. The disaster response and system recovery procedures for our critical services have been carefully planned and tested. Our methods include: Business Impact Assessments Mission-critical disaster recovery plans Periodic testing of disaster recovery and business continuity plans to verify their effectiveness Supplier evaluation and assurance We evaluate prospective suppliers for compliance with our ISO 27001 policies and controls. Our assurance checks include risk rating assessments and findings documentation to ensure ongoing compliance and security. #J-18808-Ljbffr

Created: 2025-05-07