Information security management system policy (ISO 27001:2013)
The Company shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of International Standard and legislations of Mongolia, which provides information security for shareholders, bond holders, servicer banks, associates and borrowers, as well as protecting their rights and maintaining the Company’s business continuity.
The Company, in order to implement information security actions, shall define and assign the relevant roles and responsibilities within the company for ensuring and monitoring the effective implementation.
The Company shall establish required processes and procedures for Information Security that ensures Confidentiality, Integrity and Availability of Information, in accordance with Organizational Structure and ensure that all employees and contractors comply with the Procedures in their day to day operations.
The Company shall conduct information security related trainings and awareness for employees as well as contractors on a regular basis, in order to continually improve information security.
The Company shall define and implement required monitoring and measuring systems and processes for evaluating the implementation of ISMS actions, improve internal audit system and exercise appropriate controls within the Company.
The Company shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of International Standard and legislations of Mongolia, which provides information security for shareholders, bond holders, servicer banks, associates and borrowers, as well as protecting their rights and maintaining the Company’s business continuity.
The Company, in order to implement information security actions, shall define and assign the relevant roles and responsibilities within the company for ensuring and monitoring the effective implementation.
The Company shall establish required processes and procedures for Information Security that ensures Confidentiality, Integrity and Availability of Information, in accordance with Organizational Structure and ensure that all employees and contractors comply with the Procedures in their day to day operations.
The Company shall conduct information security related trainings and awareness for employees as well as contractors on a regular basis, in order to continually improve information security.
The Company shall define and implement required monitoring and measuring systems and processes for evaluating the implementation of ISMS actions, improve internal audit system and exercise appropriate controls within the Company.
