Information Security Policy

Information Security Policy Statement

Comzafrica Ltd's management has established and documented an Information Security Policy based on the requirements of the ISO/IEC 27001:2022 standard, which is appropriate to the company's purpose. This policy encompasses information security objectives aimed at safeguarding the Confidentiality, Integrity, and Availability of information and information processing assets from all threats, whether internal or external, deliberate or accidental in relation to the processing, transmitting, and storing of information entrusted to Comzafrica Ltd by its clients, partners, and stakeholders.

Comzafrica Ltd shall therefore:

• Establish and implement risk-based information security controls appropriate to the nature of Comzafrica Ltd's business operations and services.
• Periodically review and update operational procedures and security controls across all business functions.
• Ensure compliance with applicable legal, statutory, regulatory, and contractual information security obligations.
• Promote information security awareness among all staff, interns, service providers, third-party contractors, and end users of Comzafrica Ltd's information systems.
• Manage information security incidents effectively through a defined Incident Management framework.
• Ensure the continual improvement of the Information Security Management System (ISMS) through regular reviews of measurable information security objectives.

Comzafrica Ltd's management is committed to satisfying all applicable requirements related to information security and to the continual improvement of the Information Security Management System.