Mobile version coming soon
Information security management system policy (ISO 27001:2013)

<ul>
    <li><span style="font-family:montserrat-medium;">The Company shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of International Standard and legislations of Mongolia, which provides information security for shareholders, bondholders, servicer banks, associates and borrowers, as well as protecting their rights and maintaining the Company&rsquo;s business continuity.&nbsp;</span></li>
</ul>

<p>&nbsp;</p>

<ul>
    <li><span style="font-family:montserrat-medium;">The Company, in order to implement information security actions, shall define and assign the relevant roles and responsibilities within the company for ensuring and monitoring the effective implementation.</span></li>
</ul>

<p>&nbsp;</p>

<ul>
    <li><span style="font-family:montserrat-medium;">The Company shall establish required processes and procedures for Information Security that ensures Confidentiality, Integrity, and Availability of Information, in accordance with Organizational Structure and ensure that all employees and contractors comply with the Procedures in their day to day operations.</span></li>
</ul>

<p>&nbsp;</p>

<ul>
    <li><span style="font-family:montserrat-medium;">The Company shall conduct information security-related training and awareness for employees as well as contractors on a regular basis, in order to continually improve information security.&nbsp;</span></li>
</ul>

<p>&nbsp;</p>

<ul>
    <li><span style="font-family:montserrat-medium;">The Company shall define and implement required monitoring and measuring systems and processes for evaluating the implementation of ISMS actions, improve internal audit system and exercise appropriate controls within the Company.</span></li>
</ul>