1. Purpose
JointValues establishes this policy to declare its absolute commitment to the security of information and the protection of data privacy. This document defines the strategic direction and management intent to protect the Confidentiality, Integrity, and Availability of all information assets, thereby ensuring the trust of our clients and stakeholders in our purpose to “Advance Sustainability.”
2. Scope
This policy applies to all employees, “Domain Specialists,” contractors, and third-party vendors who access, process, or store information on behalf of JointValues. It encompasses all physical and digital information assets, intellectual property, and infrastructure.
3. Strategic Commitments
3.1. Commitment to Information Security
JointValues is committed to implementing and maintaining an Information Security Management System (ISMS) grounded in globally recognized best practices. We commit to a risk-based approach, ensuring that security measures are always proportionate to the sensitivity of the data we handle and the risks we face.
We shall internally audit and verify our controls to ensure our security objectives are met. JointValues further commits to aligning its ISMS framework with international standards, such as ISO/IEC 27001:2022, and strives to achieve external certification as the system matures.
3.2. Commitment to Legal & Regulatory Compliance
We pledge full compliance with all applicable legal, statutory, and contractual requirements. Specifically, JointValues shall adhere to:
- All applicable regulations as amended from time to time (including the Digital Personal Data Protection Act, 2023).
- Relevant ESG assurance standards.
- Client-specific data security mandates.
3.3. Commitment to Privacy & Data Protection
We recognize the privacy of individuals (Data Principals) as a fundamental right. JointValues commits to:
- Process personal data lawfully, fairly, and transparently.
- Collect only the data strictly necessary for legitimate business purposes (Data Minimization).
- Respect and facilitate the rights of Data Principals, including the right to access, correct, and erase their data.
3.4. Commitment to Client Confidentiality
We are committed to ensuring the confidentiality of all client information, including audit findings, proprietary methodologies, and sensitive ESG data. We shall maintain the independence and integrity required of an assurance provider by strictly controlling access to client data.
3.5. Commitment to Continual Improvement
Security is a continuous journey. JointValues leadership commits to the continual improvement of the ISMS and data privacy practices through:
- Setting and reviewing measurable information security objectives.
- Allocating necessary resources (financial, human, and technical).
- Conducting regular management reviews and internal audits.
4. Policy Mandates
- Risk Management: We shall periodically identify, assess, and treat information security risks to keep them within acceptable levels.
- Third-Party Governance: We require all “Domain Specialists,” suppliers, and partners to adhere to our information security and privacy standards.
- Zero Tolerance: JointValues maintains a zero-tolerance policy towards willful negligence or malice regarding information security. Violations shall result in disciplinary action.
5. Authority
This policy is approved by the Top Management of JointValues and shall be reviewed biannually or upon significant changes to the business or regulatory environment.
