INTRODUCTION

This policy defines how the information security management systems will be set up, managed, measured, reported on and developed within Hugo.

Hugo, has committed to ensuring its information is secure by maintaining ISO/IEC 27001 certification and that the effective adoption of Information Security best practice is continually being validated by an external third party.

It is, therefore, Hugo’s policy to ensure:

ISMS POLICY STATEMENT

• Hugo’s current strategy and Information Security Management System provides the context for identifying, assessing, evaluating and controlling information/processes/service-related risks through establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with Hugo’s risk management strategy.

• Information security education, awareness and training are made available to all stakeholders

• In particular, business continuity and contingency plans, data security procedures, access control to systems and information security incident reporting are fundamental to this policy. All employees of Hugo shall have the responsibility of reporting incidents in real time or as they are discovered.

• The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.

• Management is committed to the continual improvement of the ISMS in the Organizations.

• All employees of Hugo and external parties identified in the ISMS are expected to comply with this policy. All staff and certain external parties will receive or be required to provide appropriate evidence of training.

• Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the (Nigerian) Cybercrime Prohibition Act 2015.