Information Security Policy

The Board and management of Comsenso BV, located at Plotterstraat 24, 1033 RX Amsterdam, The Netherlands, which is in the business of selling, providing, implementing and supporting Managed ICT services to its clients, are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organization, in order to preserve its competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance and commercial image. Information and information security requirements will continue to be aligned with the organizational goals and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations and for reducing information-related risks to acceptable levels.

The Scope of Comsenso’s Information Security Management System has been defined as follows:

  1. The implementation, support and management processes in use at Comsenso for delivering Managed Network & Security Services as sold to clients;
  2. The organizational entity that is covered by the scope is the technical support and implementation department of Comsenso BV;
  3. The assets in scope are all software and hardware components installed in Comsenso’s data centres, needed to deliver named services to its clients;
  4. Exclusions to the scope are the processes of third-party vendors that are not covered by the contracts or SLAs with these vendors.

Comsenso’s current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an Information Security Management System. The risk assessment, Statement of Applicability and risk treatment plan identify how information-related risks are controlled. The Chief Security Officer is responsible for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are contained in the Manual and are supported by specific, documented policies and procedures.

All employees of Comsenso and certain external parties identified in the ISMS are expected to comply with this policy and with the ISMS that implements this policy. All staff, and certain external parties, will be required to receive appropriate training and/or instructions.

The ISMS is subject to continuous, systematic review and improvement.

Comsenso has established an Information Security Group, chaired by the CSO, including the Information Security Manager and other security specialists to support the ISMS framework and to periodically review the security policy. The function names (e.g. CSO, ISM) that are used throughout the ISMS documentation to define and assign ownership, responsibilities and/or accountabilities are to be interpreted as ‘Roles’. These roles are assigned to persons. Given the current structure of the Organization, some of these roles have been combined and assigned to one and the same person.

Comsenso is committed to achieving and maintaining certification of its ISMS to ISO27001/ISO27002:2005.

This policy will be reviewed to respond to any changes in the risk assessment or risk treatment plan and at least annually.

This information security policy was approved by the Board of Directors and is issued on a version-controlled basis under the signature of the CEO.