Information Security Policy Statement
- It is APNIC’s mandate that the information it manages shall be appropriately secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
- An Information Security Management System (ISMS) has been developed, implemented, maintained, and shall be continuously improved.
- APNIC’s ISMS provides management direction and support for information security across APNIC and establishes senior management’s commitment to establishing and monitoring its ISMS objectives
- APNIC follows a risk management framework to protect our systems and information from risks in accordance with their value
- The policy is applicable to all employees, contractors, consultants, and other workers at APNIC and its subsidiary, APNIC Foundation.
- APNIC will establish and maintain appropriate contacts with other organisations, law enforcement authorities, regulatory bodies, and network and telecommunications operators in respect of its information security policy
- APNIC is committed to identifying and complying with applicable requirements relating to information security
- Any non-conformances and information security incidents will be reported, investigated and suitable action taken in a systematic and timely manner.
As a benchmark, APNIC has implemented an Information Security Management System in accordance with the requirements of ISO 27001:2013
as a foundation for continual improvement. Information Security objectives have been established and are regularly reviewed.