Information Security Policy

Introduction Securify was founded in 2013 by people with a passion for preventive security and it has steadily grown from a start-up to a serious business. Since 2021, Securify is majority-owned by Solvinity, adding value to Solvinity’s managed IT services in addition to servicing its own customers independently. At its core, Securify remains a group of technical experts working to improve preventive security in a variety of industries.

This information security policy gives structure and guidance to everyone at Securify to ensure the security of Securify’s information and that of its customers and partners.

Goal The objective of this information security policy is to provide documentation that, when followed, leads to a state of control of the confidentiality, integrity, and availability of Securify’s own data and the (confidential) data it receives from clients. This means that Securify prevents or detects potential security incidents by establishing an Information Security Management System (ISMS) and meet laws and regulations.

The information security policy is partially published online: the overall document is publicly available and the in-depth strategic, tactical and operational documentation is internal-only. This is done as a measure of transparency that contributes to the trust that others place in Securify. Internally, this document will give structure to and provide a set of guidelines for dealing with information and systems that process information, about the physical security of our building and guarding our business continuity.

Ultimately this policy and its accompanying strategic, tactical and operational documentation ensure that all employees of Securify handle information in the same manner thereby applying the same controls and ensuring Securify keeps it and its clients’ information safe.

How to achieve this? This is achieved by starting at the top and taking responsibility for Security, establishing goals and setting up a governance framework. This CISO is responsible for creating, implementing an ISMS and guiding Securify to a verifiable state of being in control. This is verified by an independent external party on a yearly basis, resulting in maintaining our ISO 27001 certification. For Securify this is only the beginning of being in control of security. Besides the CISO role we believe in wisdom of the crowd and will involve our organization to participate in the creation and maintenance of our security.

Information security principles The following information security principles have been established for the relevant domains. Everyone in the company should know about and comply with these principles.

ICT

• Securify protects information and the underlying systems against cybercrime. Information can come from customers, suppliers and from Securify itself.
• Securify actively works on chain cooperation with customers and suppliers and within this cooperation Securify ensures a secure exchange of information.
• Securify ensures that vulnerabilities are identified and resolved.
• Securify ensures that information systems are always up to date.
• Securify ensures that data in information systems is available in such a way that business processes are not disrupted.
• Securify ensures integrity of data in information systems.
• Securify ensures confidentiality of data in information systems, in particular sensitive information such as personal data.

HR

• Securify guarantees the privacy of personnel information.
• Securify ensures that personnel are adequately trained to fulfill the information security tasks and responsibilities assigned to it.
• Securify ensures that personnel are suitable for the position they perform.

Facilities

• Securify ensures physical protection of the information and its underlying systems.

Business continuity

• Securify guarantees continuity of service after an emergency.