Information Security Statement

Xakia is committed to understanding and effectively managing risks related to Information Security to provide greater certainty and confidence for our shareholders, employees, customers, suppliers and for the communities in which we operate. Finding the right balance between information security risk and business benefit enhances our business performance and minimises potential future exposures.

It is the policy of Xakia to ensure:

  • Information will be protected against unauthorised access.
  • Confidentiality of information will be maintained.
  • Information will not be disclosed to unauthorised persons through deliberate or careless action.
  • Integrity of information through protection from unauthorised modification.
  • Availability of information to authorised users when needed.
  • Information security training must be completed by all staff.
  • All suspected breaches on information security will be reported and investigated.

Any individual dealing with information at Xakia, no matter what their status (e.g.; employee, contractor, or consultant), must comply with the information security policies and related information security documents published on Xakia’s intranet. This policy applies to all information, computer and network systems governed, owned by and/or administered by Xakia.

The objectives of these policies are to:

  • Protect and safeguard the data of all Xakia Customers.
  • Effectively implement and monitor the Information Security Management System.
  • Have minimal Non-Compliance findings for each quarterly internal audit cycle and annual external compliance audit.
  • Ensure any information assets used in the provision of software to our customers receives a proper risk assessment and adequate controls.
  • Ensure the business never encounters software licence issues.
  • Outline the framework for security testing on our software, and in particular, third party

    penetration testing in order to ensure no technical issues arise.

  • Provide the compliance framework for any legal obligations and industry best practices.
  • Educate staff to allow them to independently make informed decision with regards to the secure handling of IT assets and information which is owned by Xakia within the framework of the information security policies. While also ensuring their proficiency in Xakia’s Information Security Management System empowers them to contribute to the success of our Information Security.
The goals of information security management are to:
  • Have information security controls in the framework of information security policies so as to provide a secure environment for the operation of the Xakia’s business.
  • Identify through appropriate risk assessment, the value of information assets and to understand their vulnerabilities and the threats that may expose them to risk.
  • Manage the risks to an acceptable level through the design, implementation and maintenance of appropriate security processes and controls.
  • Comply with legislation and industry best practices that apply to Xakia.

All personnel have a responsibility to report perceived and actual information relating to information security breaches and or IT incidents either to the IT Service Desk or to their immediate managers.

Management and employees are responsible for embedding information security risk management in our core business activities, functions and processes. Information Security Risk awareness and our tolerance for risk are key considerations in our decision making.

This policy, together with the objectives and targets set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to be operations of Xakia, and contribute to the continuous improvement of our ISO 27001 certification and Information Security Management System.

 

Jodie Baker
Founder & CEO
& Brett Graves
CTO