The management of ZUAR Inc, a Delaware corporation, are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organization in order to preserve its competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance and commercial image. Information and information security requirements will continue to be aligned with ZUAR’s goals and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations, and for reducing information-related risks to acceptable levels.

ZUAR’s current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an ISMS. The Risk Assessment, Statement of Applicability and Risk Treatment Plan identify how information-related risks are controlled. The Chief Executive Officer (CEO), in conjunction with the board of directors, is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy.

All employees of ZUAR [and certain external parties identified in the ISMS] are expected to comply with this policy and with the ISMS that implements this policy. All employee, contractors, and certain external parties, will receive appropriate training. The consequences of breaching the information security policy are set out in ZUAR’s disciplinary policy and in contracts and agreements with third parties.

The ISMS is subject to continuous, systematic review and improvement.

ZUAR has established a top level management steering group, chaired by Chief Technical Officer (CTO) to support the ISMS framework and to periodically review the security policy.

ZUAR is committed to achieving certification of its ISMS to ISO27001:2013.

This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan and at least annually.