Information Security Policy Statement

  • It is APNIC’s mandate that the information it manages shall be appropriately secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
  • An Information Security Management System (ISMS) has been developed, implemented, maintained, and shall be continuously improved.
  • APNIC’s ISMS provides management direction and support for information security across APNIC and establishes senior management’s commitment to establishing and monitoring its ISMS objectives
  • APNIC follows a risk management framework to protect our systems and information from risks in accordance with their value
  • The policy is applicable to all employees, contractors, consultants, and other workers at APNIC and its subsidiary, APNIC Foundation.
  • APNIC will establish and maintain appropriate contacts with other organisations, law enforcement authorities, regulatory bodies, and network and telecommunications operators in respect of its information security policy
  • APNIC is committed to identifying and complying with applicable requirements relating to information security
  • Any non-conformances and information security incidents will be reported, investigated and suitable action taken in a systematic and timely manner.
As a benchmark, APNIC has implemented an Information Security Management System in accordance with the requirements of ISO 27001:2013 as a foundation for continual improvement. Information Security objectives have been established and are regularly reviewed.