At TECBOMO, we prioritize the security and protection of our information assets to safeguard our business operations, customer data, and intellectual property. We understand the criticality of maintaining a robust information security program to mitigate risks and ensure the confidentiality, integrity, and availability of our systems and data. To that end, we have developed the following Information Security Program Statement:

​

1. Information Security Governance: We have established a clear governance framework to oversee and guide our information security program. This framework includes the definition of roles and responsibilities, the establishment of policies and procedures, and the allocation of adequate resources to support security initiatives.

2. Risk Management: We conduct regular risk assessments to identify potential threats, vulnerabilities, and impacts to our systems and data. Based on the assessment results, we prioritize risks and implement appropriate controls to mitigate them effectively. We strive to maintain a risk-aware culture and encourage all employees to report security incidents or concerns promptly.

3. Security Awareness and Training: We believe that security is everyone's responsibility. We provide comprehensive security awareness and training programs to educate our employees about information security best practices, policies, and procedures. This helps foster a security-conscious culture and empowers individuals to make informed security decisions.

4. Access Control: We enforce strict access control measures to ensure that only authorized individuals have access to our systems, applications, and data. We implement a principle of least privilege, granting employees access privileges based on their job requirements. Multi-factor authentication and strong password policies are utilized to enhance access security.

5. Data Protection: We implement appropriate safeguards to protect sensitive and confidential data throughout its lifecycle. This includes encryption of data at rest and in transit, regular data backups, and secure data disposal practices. We adhere to applicable data protection regulations and industry best practices.

6. Incident Response and Business Continuity: We maintain an incident response plan that outlines the steps to be taken in the event of a security incident or breach. This includes procedures for incident detection, containment, eradication, and recovery. Additionally, we have a business continuity plan in place to minimize disruptions and ensure the timely resumption of critical business functions in the event of a disaster or significant incident.

7. Third-Party Security: We recognize the importance of assessing the security practices of our third-party vendors and partners. We conduct due diligence assessments and implement contractual obligations to ensure that they meet our security standards and protect our information assets.

8. Compliance: We are committed to complying with all applicable laws, regulations, and industry standards regarding information security and privacy. We regularly monitor changes in the regulatory landscape and update our practices accordingly to maintain compliance.

9. Continuous Improvement: We believe in continuous improvement of our information security program. We regularly evaluate the effectiveness of our security controls, conduct audits and penetration tests, and engage in ongoing security monitoring and threat intelligence gathering. This enables us to adapt to evolving threats and enhance the overall security posture of our organization.

 

By adhering to these principles and continually investing in our information security program, we strive to protect our business, our customers, and our stakeholders from potential security risks and threats.