Information Security and Business Continuity Objective Policy Statement

Purpose

This policy statement defines the framework within which the integrated management system (information security management system and business continuity management system) will be managed across Nomba and demonstrates top management commitment and support for the Integrated Management System throughout Nomba. This policy serves as the basis from which all information security, business continuity and data protection related policies emanate.

Scope

This policy is applicable to all Nomba personnel, contractors, vendors, and other parties, and covers all information entrusted to or owned by Nomba and stored, processed, or transmitted on the organizations information systems and operated by the organization.

Information Security Objectives

Nomba has set the following major information security and business continuity objectives:

Objective 1– Achieve 100% protection of Confidentiality and integrity of Nomba Information assets.

Objective 2– Achieve 90% Information Security Awareness culture across the organization.

Objective 3– Provide assurance of information systems resilience – 99.6 availability.

Business Continuity Objectives

Objective 1– Ensure the safety and welfare of Nomba staff and visitors who are within its premises at the time of an incident.

Objective 2– Comply with Nomba’s contractual, regulatory, and legal requirements.

Objective 3– Preserve the ability to meet stakeholder expectations in a wide range of circumstances, including meeting 3rd party arrangements.

Objective 4– Provide for an orderly and expedited recovery after a disruptive event.

Information Security and Business Continuity Policy

Nomba is committed to the confidentiality, integrity and availability of her information assets and shall implement measures through the establishment.

Nomba is committed to continual improvement of her information security and business continuity program to protect the organization’s information assets against all threats.

Nomba is also committed to complying with all applicable legal, regulatory, and contractual requirements related to information security and business continuity in her services and operations.

All users and custodians of information assets owned by or entrusted to Nomba shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.