1.        Purpose and Scope

Aprexo’s business is the design, development and sale of enterprise data management solutions. The products are cloud agnostic, available as “Software as a Service” or installed in clients’ environments. 

This document defines the purpose, direction, principles and basic rules for Aprexo’s information security management. This policy is applied to the entire Information Security Management System (‘ISMS’). The following are included in the scope of the ISMS:

• Aprexo’s development of enterprise data management solutions and their sale to clients

• The external-facing activities necessary to do this, such as production environments, marketing, business development, www.aprexo.com and shareholder relations

• The internal activities required, such as employee recruitment, retention, motivation and reward, development environments, development practices, keeping good corporate records, and email and document storage systems

• Contracts with suppliers in order to achieve all of the above

All Aprexo’s activities for all clients are in scope, anywhere in the world.

The users of this document are all Aprexo people, whether employees or consultants, and relevant external parties. 

​

2.        Objectives

The general objectives for the ISMS are:

• Reducing the risk of information security incidents occurring

• Reducing the damage caused by information security incidents

• Compliance with the GDPR

• Creating a better image with prospects, clients and the market generally

• Ensuring these goals are in line with the organisation's business objectives, strategy and business plans

The ISMS must be compliant with legal and regulatory requirements relevant to Aprexo in the field of information security and personal data protection, including ISO 27001, as well as with Aprexo’s contractual obligations.

Aprexo’s management team is responsible for reviewing these general ISMS objectives and setting new ones where necessary. Individual detailed controls can be proposed by any Aprexo person and are approved by the management team in the Statement of Applicability. 

All ISMS objectives and detailed policies are reviewed at least once a year.

 

3.         Measurement

Aprexo will measure the fulfilment of all the objectives. The management team will ensure that people with appropriate skills and expertise are involved in setting the methods for measuring the achievement of the objectives. The measurements will be performed at least once a year and the management team, supported by others where needed, will analyse and evaluate the measurement results as input materials for management’s review. 

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for                   that purpose or those purposes. 

​