The Purpose and Scope of the Information Security Policy
The Information Security Policy aims to specify critical standards for ensuring the accessibility, privacy, and integrity of AI Business School’s information systems and assets.
With the understanding that information assets are critical to corporate operations and functions, our Company strives to achieve the following goals:
Through sub-policies, procedures, and directives relevant to this policy, AI Business School establishes and oversees the controls required to operate and maintain the Information Security Management System processes.
Our Information Security Policy applies to all domestic and international employees of AI Business School. As well as people who use AI Business School’s information or business systems, third-party service providers and their support staff who are not employees of the Company but have access to the Company’s information due to contractual agreements.
2.1. The Board of Directors and Top Management
The Board of Directors approves the Information Security Policy, which determines the information security strategy and roadmap and requires its implementation to develop an effective information security management structure.
Senior Management allocates the required resources and authority/duty for the Information Security Management System’s establishment and operation.
2.2. All Employees
All employees must follow all policies and procedures outlined in the Information Security Management System category, report any security breaches or violations, and complete all required tasks.
The main goal of the Information Security Policy is to protect, maintain, and manage the confidentiality, integrity, and availability of information and all supporting business systems, processes, and applications.
This means that the information and data remain in competent hands, ensuring it is complete, accurate, available, and known to systems when needed. As a result, AI Business School’s Information Security Policy must be followed by all AI Business School employees, interns, outsourced personnel, dealers, and suppliers.
In this context, asset and process owners are required to:
Employees must follow the AI Business School Global Code of Conduct and preserve confidential information as outlined in the AI Business School Personnel Regulation. Furthermore, AI Business School agrees to comply with the Personal Data Protection Regulation and take the precautions indicated in the Personal Data Protection Regulation.
2.3. Third Parties
The necessary contracts and standards define the Information Security arrangements that third parties must follow to deliver goods and services to AI Business School and its personnel. These should include at least the following:
IT Security Management will be responsible for the functional ownership of this policy and any standards, supporting papers, and training activities. It will also advise and direct the policy’s implementation throughout AI Business School.
IT Security Management will guarantee that all workers receive adequate training to maintain a high awareness of information security issues and provide general guidance on handling information security incidents.
This will ensure that this policy is backed up by precise standards, procedures, and processes when needed and available. It will also be responsible for ensuring that these policy requirements are communicated to all permanent and temporary workers, as well as all contractors. Furthermore, IT Security Management provides all employees with all policy requirements, whether permanent or temporary, and all contractors.
The principles of the Information Security Policy should be followed by AI Business School Human Resources Employee Regulations. Employees are also accountable for being aware of and adhering to the principles of the Information Security Policy.
The primary responsibility of each unit manager is to take the required precautions and monitor the system to ensure compliance with the Information Security Policy.
IT Security Management is in charge of conducting periodic audits and reporting to the appropriate parties on compliance with all stated policies and procedures, particularly the Information Security Policy.
Internal disciplinary sanctions, termination of employment, and even the commencement of Judicial and Criminal legal procedures may be implemented if violations of the Information Security Policy are discovered as a consequence of both surveillance, inspection, and notice.
Working together to follow this policy will help us maintain our knowledge and reputation throughout time, as well as assure the success of our business.
AI Business School Information Security strives to maintain AI Business School’s reputation, reliability, information assets, and primary and supporting business activities with the fewest potential business interruptions.
All personnel is responsible for contributing to the policy’s objectives.