inq. Nigeria’s senior management recognizes the importance of developing and implementing an Information Security Management System (ISMS) within the company to protect business information assets from all threats, whether internal or external, deliberate or accidental, and also to demonstrate the commitment we have towards our customer’s information security.
inq. Nigeria’s ISMS programme is based on the international standard ISO/IEC 27001:2022 and control documents have been produced to define requirements for a management systems approach to information security management, based on industry best practices. The framework for setting Information Security objectives has been established and documented within the inq. Nigeria procedural manual.
It is the objective of inq. Nigeria to ensure that information is only accessible to authorized persons from within or outside the company and minimize damage by preventing and reducing the impact of security incidents. Confidentiality, Integrity and Availability of information is maintained throughout business functions and processes.
inq. Nigeria has established a risk assessment methodology to identify and control the security of business information meeting legal, regulatory and contractual requirements. Demonstration of successful implementation of this management system will assure all interested parties to the business that an appropriate and effective information security management system is in place.
These specific requirements for setting up and managing an effective information security management system emphasize inq.Nigeria’s commitment to:
- understanding information security needs and the necessity of establishing policy and objectives for information security;
- implementing and operating controls and measures for managing the organization’s overall information security risk;
- monitoring and reviewing the performance and effectiveness of the ISMS; and
- continual improvement based on objective measurement.
It is the policy of inq. Nigeria to conduct a review of the content of this policy and the ISMS in general annually or when significant changes take place to ensure the system meets the requirements of all stakeholders and compliance with the ISO 27001 standard. The Managing Director has overall responsibility for maintaining this Policy and providing guidance on its implementation. All managers are directly responsible for ensuring that policies and procedures are followed within their business areas. Each employee is responsible for adhering to the business ISMS policies and procedures.
