Introduction:

This Information Security Management System (ISMS) Policy outlines our company’s commitment to maintaining the security, confidentiality, integrity, and availability of information assets, ensuring compliance with regulatory requirements in the cryptocurrency industry. Management is fully committed to the establishment, implementation, and continual improvement of the ISMS, in accordance with ISO 27001:2022. This policy serves as the foundation for our information security practices and sets the framework for the implementation and continuous enhancement of our ISMS.

Scope:

This ISMS Policy applies to all information assets, systems, processes, and personnel within our organization, including physical premises, IT infrastructure, customer data, and operations related to virtual asset services. It encompasses all activities and functions carried out by our company, irrespective of location or platform, and includes relevant third-party partners who have access to our information assets.

Information Security Objectives:

Our information security objectives, aligned with ISO 27001:2022, are as follows:

  • Protect customer funds, data, and digital assets from unauthorized access, loss, theft, or damage.

  • Ensure compliance with applicable laws, regulations, and standards, including the Regulation on VASP operation and the Law on Virtual Asset Service Providers.

  • Implement and maintain an ISO 27001:2022 certified ISMS to establish a systematic approach to information security management.

  • Continuously monitor and improve our information security controls, processes, and technologies to address emerging threats and vulnerabilities.

  • Foster a culture of information security awareness and responsibility among our employees through training and ongoing education.

Information Security Controls:

To achieve our information security objectives, we shall:

  • Implement and maintain appropriate technical, physical, and administrative controls to protect information assets and prevent unauthorized access, modification, or disclosure.

  • Conduct regular risk assessments and risk management activities to identify and mitigate potential information security risks.

  • Enforce access controls, including user authentication, authorization, and segregation of duties, to ensure that access to information assets is granted based on defined roles and responsibilities.

  • Maintain incident response and business continuity plans to promptly address and mitigate the impact of information security incidents and ensure the availability of critical systems and services.

  • Regularly monitor and audit our information security controls to assess their effectiveness and identify areas for improvement.

  • Engage in continuous improvement activities to enhance our ISMS and adapt to changing information security requirements and industry best practices.

Compliance and Governance:

We are committed to complying with all applicable legal, regulatory, and contractual obligations related to information security and privacy. We shall establish clear governance structures, roles, and responsibilities to ensure effective oversight, monitoring, and reporting of our information security practices. Regular internal and external audits will be conducted to assess our compliance with the ISMS and relevant regulatory requirements.

Employee Responsibilities:

All employees have a responsibility to adhere to this ISMS Policy and actively contribute to maintaining the security of our information assets. Employees are expected to comply with information security policies, procedures, and guidelines, report any security incidents or vulnerabilities promptly, and participate in training and awareness programs to stay informed about information security best practices.

Communication and Awareness:

We shall communicate this ISMS Policy to all employees, stakeholders, and relevant parties. We will promote information security awareness through regular training, awareness campaigns, and ongoing communication to ensure a shared understanding of our commitment to information security.

Policy Review:

This ISMS Policy shall be reviewed annually, or more frequently as required, to ensure its ongoing suitability, adequacy, and effectiveness. Any necessary updates or amendments will be made to align with changes in the regulatory environment, business requirements, or emerging threats and vulnerabilities.

This ISMS Policy is endorsed by management and serves as the guiding document for our information security practices. Compliance with this policy is mandatory for all employees and contractors.