Information Security Policy

Policy Statement

PalTech is committed to safeguard the confidentiality, integrity, availability, security, and privacy of information and ensures accountability of secure information usage by all employees and interested parties through-

• Implementing a comprehensive Information Security Management System (ISMS) compliant with ISO 27001:2022, HIPAA and GDPR standards.
• Regularly assessing the information security risks and implementing the appropriate measures to mitigate identified risks.
• Providing ongoing training and support to all the staff to ensure they understand their roles and responsibilities to safeguard sensitive information.
• Regularly reviewing and updating the ISMS to address new security challenges and business changes.

Information Security Principles

• Confidentiality: Ensuring that information is accessible only to those authorized to have access.
• Integrity: Assuring the accuracy and completeness of information and processing methods.
• Availability: Providing that authorized users have access to information and associated assets when required.
• Security: Safeguarding the systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Privacy: Ensuring that personal information is collected, used, and disclosed in accordance with applicable laws and regulations.

Risk Management

The organization regularly carries out risk assessments to identify, evaluate, and address risks associated with information security.

Incident Management

A structured approach is practiced in handling security breaches or incidents, which includes incident reporting, investigation, and mitigation strategies to prevent future occurrences.

Compliance

Compliance with this policy is monitored and reviewed as part of the ongoing performance evaluation process. Violations of this policy will result in disciplinary action, which may include termination and legal action, depending on the severity of the breach.