Last Revised: 14 January 2022

Version: 1.1

This policy applies to all information held regarding the employees, customers and users of Valuechain Technology Ltd. The purpose of the Policy is to protect Valuechain’s information assets from all threats, whether internal or external, deliberate or accidental. Valuechain is committed to the establishment and monitoring of systems to provide appropriate data protection for its Customers and Staff. It is therefore the policy of Valuechain to:

• Ensure the confidentiality of corporate, and client information;
• Protect sensitive information (however stored) against unauthorised access;
• Maintain the integrity of all information;
• Ensure the availability of information, as required;
• Provide information security training for all staff;
• Ensure that the expectations and requirements of all interested parties, in relation to Information Security, are met;
• Make information available to authorised business processes and employees when required;
• Meet all regulatory and legislative requirements;
• Produce business continuity plans for business activities that are regularly maintained and tested;
• Ensure that all breaches of information security, actual or suspected, will be reported to and investigated by Valuechain security personnel and opportunities for improvement will be identified and acted upon.
• Comply with the requirements of ISO 27001:2013 for information security; and
• Communicate this policy statement to the public, through our website and on request.

The policy is dynamic and includes a commitment to continual improvement through a process of incident reporting, risk assessment and regular audits. It provides a framework for establishing and reviewing security objectives. Management is responsible for communicating the company’s Information Security Policy and making sure it is understood at all levels.