Information Security Management System Policy

Purpose

This information security policy defines the framework within which information security will be managed across Layer3 Limited and demonstrates management commitment and support for information security throughout Layer3 Limited. This policy is the primary policy from which all information security related policies emanate.

Scope

This policy is applicable to all Layer3 Limited personnel, contractors, vendors and other parties, and covers all information entrusted to or owned by Layer3 Limited and stored, processed, or transmitted on the organizations information systems and operated by the organization

Information Security Objectives

Layer3 Limited has set the following major information security objectives:

• Achieve 100% protection of Confidentiality and integrity of Layer3’s Information assets.

• Achieve 90% Information Security Awareness culture across the organisation.

• Provide assurance of information systems resilience – 99.6 availability.

Information Security Policy

Layer3 Limited is committed to the confidentiality, integrity and availability of her information assets and shall implement measures through the establishment, implementation, maintenance and continual improvement of an information security program to protect the organization’s information assets against all threats.

All users and custodians of information assets owned by or entrusted to Layer3 Limited shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.

Layer3 Limited shall comply with all applicable legal, regulatory and contractual requirements related to information security in her services and operations.

This information security policy states management’s commitment and establishes the framework for the actualization of Layer3 Limited security objectives and is the primary policy from which all Layer3 Limited security related policies emanated.