1. Purpose & Commitment
At xXenta, we recognize that the confidentiality, integrity and availability of information
are essential to our operations and to the trust our customers place in us.
We are committed to implementing and maintaining an Information Security Management System
(ISMS) aligned with ISO/IEC 27001.
Our objective is to establish a structured, risk-based approach to
managing information security and to continuously improve our controls and processes.
2. Scope of Security
Our information security practices apply to:
- Customer data processed within our solutions
- Internal systems and infrastructure
- Development and deployment environments
- Employees and third parties involved in service delivery
The scope of our ISMS is currently being formalized and documented.
3. Current Status
xXenta is in the process of designing and implementing its ISMS.
While certification has not yet been obtained, we have established a foundation of controls
and procedures that support secure operations.
Current measures include:
- Role-based access control to systems and data
- Use of managed and secure cloud environments
- Controlled handling of customer information
- Defined internal procedures for incident response
- Initial documentation of policies and responsibilities
These measures are subject to ongoing review and improvement.
4. Risk Management Approach
We apply a risk-based methodology to information security.
This includes:
- Identification of information assets
- Assessment of risks related to confidentiality, integrity and availability
- Definition and implementation of appropriate controls
- Periodic review and update of risk assessments
Risk treatment decisions are documented and aligned with business objectives.
5. Policies & Controls
We are developing and maintaining a structured set of policies and controls, including:
- Information Security Policy
- Access Control Policy
- Data Protection and Handling Guidelines
- Incident Management Procedure
- Supplier and Third-Party Considerations
Controls are being implemented in alignment with Annex A of ISO/IEC 27001.
6. Incident Management
xXenta maintains procedures for identifying, reporting and responding to information security
incidents.
This includes:
- Internal reporting mechanisms
- Incident classification and prioritization
- Response and mitigation actions
- Documentation and post-incident evaluation
Where applicable, incidents are reviewed to identify improvements to controls and processes.
7. Continuous Improvement
Our ISMS is based on the principle of continuous improvement.
We are implementing a structured cycle that includes:
- Internal reviews of controls and processes
- Identification of gaps and improvement actions
- Ongoing refinement of policies and procedures
Formal internal audits and management reviews are planned as part of the next phase of
implementation.
8. Roadmap to Certification
xXenta is working towards formal certification under ISO/IEC 27001.
The roadmap includes:
- Formalization of ISMS scope and documentation
- Completion of risk assessment and control implementation
- Execution of internal audits and management review
- Engagement with an accredited certification body
No specific certification date is currently committed, as we prioritize a thorough and
effective implementation.
9. Responsibilities & Governance
Responsibility for information security is assigned within xXenta and integrated into our
organizational structure.
This includes:
- Defined roles and responsibilities
- Alignment between management, development and operations
- Ongoing attention to security in decision-making processes
10. Third Parties
Where third-party services are used, we take reasonable steps to ensure that they meet
appropriate security standards.
This includes:
- Selection of reputable providers
- Consideration of security capabilities and certifications
- Limiting access to necessary data only