Skip to content

Compliance

Effective starting: Nov 4, 2022

IMS Policy

  • Dojah is committed to maintaining and improving its information security, business continuity and service management processes by adopting an integrated management system to meet and surpass the expectations of its stakeholders, and comply with all relevant regulations and industry requirements.
  • This provides a framework for integration of the ISO 27001:2013, ISO 22301:2019 and ISO 20000:2018 standards.

It is our Policy to ensure that:

  • All information and systems will be protected against unauthorized access and disclosure.
  • Confidentiality of information will be maintained.
  • Integrity of information is protected from unauthorized modification.
  • Regulatory and legislative requirements will be met.
  • Business continuity plans will be maintained and tested (as far as practicable)
  • All suspected breaches of information security will be reported and investigated.
  • Adequate prevention and detection of malware is in place.
  • Information Security Policies are in place to ensure the safe practice of using our computer and information systems.
  • Quality products and services are always rendered to customers.
  • Customers’ needs and expectations will be met in line with the agreed service and requirements.
  • Competent external providers that meet all pre-qualifications requirements are engaged.
  • Optimal internal business processes and customer satisfaction, delight, and retainership.
  • Continually improve the effectiveness of the Service Management System, Business Continuity Management System and Information security Management System and will comply with all applicable legal, regulatory, and contractual requirements related to the Integrated Management Systems in its services and operations.
  • Users of Dojah’s information and information assets shall comply with this policy and exercise a duty of care in relation to the operation and use of Dojah’s information and information systems.

Third Party Information Security Policy

Dojah’s relationships with third parties are based on a clear understanding of its expectations and requirements in the area of information security. These requirements have been documented and agreed in a way that leaves no doubt about the importance we place on the maintenance of effective controls to reduce risk.

The following address Third party information security in Dojah:

  • A due diligence exercise must be completed by an authorized business area/department for all third parties who will access or could potentially access Dojah information.
  • Contracts with third parties accessing Dojah information must clearly state their obligations in terms of protecting information assets.
  • Formal third-party risk assessments for all high risk third parties must be updated at least every 12 months if the contract period is longer than one year.
  • Changes to third party contracts or service level agreements must be managed through a formal change management process.
  • Third parties must inform Dojah of changes undertaken within their environment that may impact the delivery of services.

Users of Dojah’s information and information assets shall comply with this policy and exercise a duty of care in relation to the operation and use of Dojah’s information and information systems.

Data Privacy

Dojah is Compliant with Data Privacy laws.