Information Security Policy

Vision

To have a robust Information Security policy implemented and continually improved across functions to protect all information assets assuring information security.

Policy

SIERRA commits empowerment of Information Security Management System through the implementation of highly secure practices for People, Process and Technology.

Objectives – To ensure that

• Information will be protected against unauthorized access
• Confidentiality of information is assured. Integrity of information is maintained
• Regularity and legislative requirements regarding Intellectual property rights, Data protection and privacy of personal information are met
• Business Continuity plans will be produced, maintained and tested
• Staff receive adequate Information Security training
• All breaches of information security, actual or suspected are reported and investigated by the Security Policy Review Team

Why This Policy Matters

Information security is essential for protecting the organization’s information assets and maintaining the trust of customers, partners, and stakeholders. As organizations increasingly depend on digital platforms and interconnected systems to manage operations, the protection of sensitive information becomes critical to business continuity and responsible operations.

This Information Security Policy establishes the framework for safeguarding information assets from unauthorized access, misuse, disclosure, disruption, or loss. It ensures that appropriate controls and practices are implemented across people, processes, and technology to manage security risks effectively.

By maintaining a structured Information Security Management System, SIERRA aims to ensure that information assets belonging to the organization, its customers, vendors, and partners are protected and handled responsibly.

How This Benefits Our Customers

A strong information security framework supports the secure and reliable delivery of our solutions and services. By implementing structured information security practices, SIERRA aims to ensure that sensitive operational and business data remains protected throughout its lifecycle.

This policy helps ensure that:

• Customer and operational data are protected against unauthorized access or misuse.
• Information confidentiality, integrity, and availability are maintained across systems and networks.
• Applicable regulatory and legal requirements related to information security and data protection are addressed.
• Security risks are managed through defined processes and governance mechanisms.
• Organizations using our solutions can operate with confidence in a secure digital environment.

These practices help build trust and support the secure use of our technology platforms and services.

Our Commitment to Continuous Improvement

Information security is a continuous process that requires regular evaluation and improvement. SIERRA is committed to maintaining and strengthening its Information Security Management System through periodic reviews, risk assessments, and operational improvements.

Security practices are monitored and updated to address emerging threats, evolving regulatory expectations, and changes in technology and business operations. Training and awareness programs help ensure that employees understand their responsibilities in protecting information assets.

Through these efforts, the organization continually enhances its ability to safeguard information and maintain a resilient security posture.

Governance & Oversight

The Information Security Policy is approved and supported by the management of SIERRA. Implementation of the policy is carried out through defined processes, roles, and responsibilities across the organization.

Managers are responsible for ensuring that the policy is implemented within their respective areas of operation, and employees are expected to adhere to the established security practices.

Any suspected or confirmed information security incidents are reported and reviewed through established governance mechanisms to ensure appropriate response and corrective actions.