Security

October 29, 2018

Decideware Development Pty Ltd Information Security Management System Policy Statement

Decideware provides software solutions which enable advertiser clients to assess, manage, and monitor marketing agency and strategic supplier relationships and performance. It is a key responsibility for Decideware to protect all sensitive and confidential information entrusted to Decideware from the rapidly evolving nature of security threats that may affect business operations and the organizations reputation.

The Chairman, CEO, Senior Management and all employees are committed to an effective Information Security Management System in accordance with Decideware’s strategic business objectives.

Decideware considers Information Security aspects as a top priority for client confidence, legal, regulatory and contractual compliance and is committed to ensuring all information is handled in a secure manner and maintaining the ISMS to meet the requirements of ISO27001:2013 and ISO27017:2015.

Objective

To ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In deploying the Decideware ISMS, the Management Team aims to maintain existing known risks at their current low level and ensures that new and changing risks are managed in an equally consistent and professional manner.

Purpose

To protect both Decideware and Decideware’s clients’ physical and electronic information assets from all threats, both internal and external, deliberate or accidental.

Decideware’s Chief Executive Officer has approved the Information Security Management Policy (Policy).

Protection of information is set out in terms of:

• Confidentiality: ensuring only persons who are authorized have access to information
• Integrity: ensuring the purity, accuracy and completeness of information
• Availability: ensuring information, associated assets, and systems can be accessed when required by authorized persons
• Regulatory: regarding regulations, laws and codes of practice in each country where it operates as a minimum standard in its Information security management standard

Decideware will:

• Ensure that Decideware’s management and employees comply with the requirements of the Policy and that confidentiality of information will be maintained
• Minimize the risk of damage to company assets, information, reputation, hardware, software or data
• Ensure that Decideware’s people and computer systems do not infringe any copyright, licensing or laws
• Set out clearly Decideware’s policies relating to all aspects of the management of information, hardware, firmware, software and prevention and detection of malware
• Define a systematic approach to risk assessment by identifying a method that is suited to the ISMS, the identified business information security, legal and regulatory requirements and setting policy and objectives for the ISMS to reduce risks to acceptable levels
• Maintain business continuity plans and ensure these are tested and effective (as far as practicable)
• Provide appropriate training for all employees
• Maintain the ISMS based on a schedule of Internal and external audits.
• Review the Information Security Management Policy on an annual basis or when significant legislation or organization changes require an update

Responsibilities and delegations

The overall responsibility for ensuring that the Policy is implemented, developed and reviewed effectively rests with the Chief Executive Officer. This responsibility will be delegated throughout the management structure reflecting Decideware’s continued commitment to Security at all levels.

The Chief Information Officer has direct responsibility for maintaining the Policy and providing advice and guidance on its implementation. The Chief Information Officer is responsible for the monitoring, evaluation and reporting of compliance to the Policy.

All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff.

It is the responsibility of each member of staff to be familiar with and adhere to the Policy and relevant standards and procedures. Failure to adhere to the Security Policy may result in disciplinary action.

This statement represents Decideware’s general position on Information Security issues, and the policies and practices applied in conducting business.

ISO 27001:2013

Decideware, the world’s leading provider of agency management solutions for major advertisers, is pleased to announce its successful achievement of the International Organization for Standardization’s respected ISO 27001:2013 Information Security Management System certification.

This standard formalizes the requirements of an ISMS - a systematic approach to keep sensitive information and assets secure within organisations. It includes the application of a risk management framework to people, processes and IT systems.

Additionally, and alongside ISO 27001 certification Decideware has also achieved ISO 27017:2015 Cloud Security Management System certification, a code of practice for information security controls for cloud services.

To achieve these certifications, a company must show it has a systematic and ongoing approach to managing sensitive company and customer information. As such, ISO 27001 certification is a dynamic process, requiring at least annual audits and periodic renewal of the certification.

For further information, contact:

Arnold van den Bovenkamp – Chief Information Officer

abovenkamp@decideware.com

+61 2 9959 0600