
Information Security Management System (ISMS) Policy Statements
1. Information Security Commitment
Prophius Limited is committed to protecting the confidentiality, integrity, and availability of all business-critical and client-related information. This commitment underpins our service delivery, client trust, regulatory compliance, and competitive advantage.
We will maintain, monitor, and continuously improve our ISMS to meet the requirements of ISO/IEC 27001:2022 and other relevant standards and regulations.
2. ISMS Scope
Our ISMS applies to all information assets, business processes, technologies, and personnel involved in the design, development, delivery, and support of Prophius products and services.
3. Compliance and Regulatory Alignment
We ensure full compliance with relevant legal, regulatory, and contractual obligations, including NDPA, CBN circulars, and client-specific security requirements.
4. Leadership and Governance
Executive Management leads the ISMS by:
- Ensuring alignment with business strategy;
- Providing adequate resources;
- Reviewing ISMS performance regularly;
- Promoting a culture of accountability and information security awareness across all levels.
5. Information Security Objectives
Prophius has defined the following measurable information security objectives:
- Achieve 85% assurance of system availability and operational resilience;
- Ensure 100% protection of customer confidential data;
- Maintain zero tolerance for unhandled information security incidents;
- Reach 80%+ staff-wide awareness of security practices through ongoing training;
- Secure all critical assets and core business systems with baseline and compensating controls.
6. Roles and Responsibilities
Every Prophius staff member is responsible for safeguarding information. The ISMS Manager oversees implementation, compliance, and incident response, supported by the Information Security Governance Committee.
7. Risk-Based Approach
We proactively identify, assess, and treat information security risks to support secure business operations. Risk assessments are reviewed annually or after major organizational changes.
8. Continual Improvement
We are committed to continual ISMS improvement through:
- Regular internal and external audits;
- Prompt remediation of non-conformities;
- Leveraging feedback and incidents to inform updates;
- Maintaining certification to ISO/IEC 27001:2022.
9. Staff Competence and Awareness
Security awareness is mandatory for all staff. Prophius provides regular training, role-based education, and refresher programs to ensure employees stay informed and vigilant.
10. Internal and External Audit
ISMS performance is assessed through:
- Management Reviews;
- Internal audits by certified auditors;
- External certification and surveillance audits.
11. Incident Reporting
All incidents or policy breaches must be reported promptly to the ISMS Manager. Reports can be submitted anonymously via: 📧 [email protected]
12. Policy Review and Governance
This ISMS Policy is reviewed:
- Annually;
- Upon major regulatory or organizational changes;
- After significant security events or audit findings.
Updates are approved by Executive Management and shared with all stakeholders.