Information Security Policy Statement

E-CRIME BUREAU (“we”, “us”, or “the Bureau”) takes the security of information seriously. We are committed to protecting the confidentiality, integrity, and availability of all information entrusted to us — by our clients, partners, and employees.

This Policy forms the foundation of our Information Security Management System (ISMS), which has been developed in alignment with ISO/IEC 27001.

This policy applies to all information assets owned or processed by the Bureau including employee and client data, business records, intellectual property, and supporting infrastructure. It covers all employees, contractors third-party service providers and stakeholders who handle information, across all locations and systems.

 
We manage information security across three core pillars:

🔒 Confidentiality

We ensure information is only accessible to those who are authorised.

Integrity

We protect information from unauthorised modification or corruption.

Availability

We ensure information and systems are available when needed.

This policy supports our obligation to:

  • Safeguard Information Assets:we achieve this through the implementation of relevant controls to protect data against unauthorised access, disclosure, alteration, and destruction.
  • Ensure Legal and Regulatory Compliance:the Bureau complies with all applicable laws such as Data Protection Act, 2012 (Act 843), Cyber Security Act 2020 (Act 1038), Electronic Transaction Act 2008 (Act 772) and applicable international regulations, contractual obligations and agreements related to information security and data protection.
  • Manage Security Risks:we proactively identify, assess, and mitigate risks that could lead to information security incidents or data breaches.
  • Maintain Business Continuity:we maintain tested Business Continuity and Disaster Recovery Plans to ensure the continued availability of critical systems and data in the event of disruption.
  • Enhance Security Posture:we continuously monitor, review, and improve our information security practices to adapt to evolving threats and best practices.

We handle all client and stakeholder information responsibly. Personal data is processed in accordance with our Privacy Notice and applicable data protection legislation.