IMS Policy Statements
ISO 27001 Information Security Management System (ISMS) Policy
Greenwich’s information resources are critical to its survival. To protect its information resources during internal and external use, in addition to conforming to statutory and contractual requirements, information security is one of Greenwich’s prime responsibilities. Greenwich shall therefore ensure that such information resources are adequately protected when used by all parties authorized to have access to these resources.
Information in all its forms, including information about employees, customers, and products, is among the most valuable assets of the Bank. The security (confidentiality, integrity, and availability) of that information is key to Greenwich’s successful discharge of its responsibilities to customers and stakeholders.
- The Top management of Greenwich Merchant Bank will ensure the integration of Greenwich MB’s processes with the requirements of the Information Security Management System (ISMS).
- A clear definition of the requirements for information security will be agreed upon and maintained with the business so that all ISMS activities are focused on the fulfillment of those requirements.
- Statutory, regulatory, and contractual requirements will be documented and input into the planning process for the Information Security Management System.
- Information security objectives will be based upon a clear understanding of the business requirements, informed by the annual management review with stakeholders to ensure that the information security policy and information security objectives are established and compatible with the strategic direction of the Bank.
- Roles and responsibilities will be allocated within Greenwich MB to ensure the effectiveness of the Information Security management system.
- A systematic review of the performance of the program will be conducted on a regular basis to ensure that quality objectives and the intended outcome of the ISMS are being met while security issues are identified through the audit program and management processes.
- The management of Greenwich is committed to continually improving the effectiveness of the Information Security Management System.
- Current processes will be enhanced to bring them in line with information security best practices as defined within ISO/IEC 27001.
ISO 22301 Business Continuity Management System (BCMS) Policy
Greenwich Merchant Bank has established a Business Continuity Management System (BCMS) to ensure policies, procedures, processes, and activities establish a culture of resilience, consistency, and coordination of the resilience efforts across the Bank in the continuity of services provided.
This policy provides guidance to ensure critical business processes along with associated information resources are promptly recovered and available in the occurrence of an incident.
- The Board and Management of Greenwich Merchant Bank are committed to preserving a defined level of Business Continuity and continual improvement of Greenwich Merchant Banks’ Business Continuity Management System.
- Greenwich Merchant Bank shall implement the necessary capabilities to ensure the continuity of its critical business functions amid serious disruptive incidents or disasters and to ensure the recovery of such critical functions to an operational state within acceptable timeframes.
- Greenwich Merchant Bank’s Executive Leadership is committed to developing business continuity capability as a strategic asset comprising adequate resources and capabilities; including approvals of appropriate budget where required to achieve the required Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
- Greenwich Merchant Bank shall ensure that all applicable legal, regulatory, and contractual requirements relating to Business Continuity Management are identified and tracked for compliance.
- Greenwich Merchant Bank shall establish, maintain, test, and validate the capability and readiness to cope effectively with any incident and disaster that may occur.
- Greenwich Merchant Bank will develop capabilities to efficiently respond to incidents, manage crises and recover critical IT applications.
- Greenwich Merchant Bank will ensure that clear roles and responsibilities are assigned to various stakeholders within the Bank to ensure effective collaboration to achieve the Business Continuity goals and objectives.
- This Business Continuity Management policy is based on the standards defined in ISO 22301. Each part of the system will be prepared to meet both this standard and recognized standards in corporate governance.