ISMS Policy Statements

ISO 27001 Information Security Management System (ISMS) Policy (Abridged Version)

Introduction

This policy defines how Information Security will be set up, managed, measured, reported and developed within the bank.

Scope of the ISMS

The boundaries of the Information Security Management System are defined as follows:

The Information Security Management System (ISMS) covers all applicable elements of the ISO/IEC 27001:2013 standard. It applies to all operations, products and services, business functions and their related information, people and technology as documented.

Information Security Requirements

A clear definition of the requirements for information security has been agreed and is maintained. This ensures that all ISMS activities are focused on the fulfilment of those requirements. Statutory, regulatory, and contractual requirements have been documented and serve as input into planning processes. Specific requirements regarding the security of new or changed systems or services are factored in as part of the design stage of each project.

ISMS controls implemented are driven by business needs.

Top Management Leadership and Commitment

Commitment to information security extends to senior levels of the organization and is demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls.

Top management ensures that a systematic review of performance of the programme is conducted on a regular basis to ensure that quality objectives are being met and quality issues are identified through an appropriate audit programme and management processes.

Information Security Management System (ISMS) Objectives

ISMS objectives are based on a clear understanding of business requirements, informed by management review with stakeholders.

These objectives are as follows:

To maintain client security within the upper quartile amongst peers;

To meet Information and Cyber Security risk reduction and risk appetite targets;

To achieve compliance with all relevant Information and Cyber Security regulations; and

To maintain organisational and operational resilience to counter or absorb evolving cyber threats.
