CreditRegistry is Nigeria’s pioneer and largest credit bureau providing the empowerment to consumers and businesses to achieve their financial goals with the provision of high-performance credit information products and services. The purpose and objective of the Information Security Policy is to protect the company’s stakeholders, and customers’ information assets, printed, written and electronic, from threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business damage and maximize return on key business relationships and opportunities.
CreditRegistry’s people are committed to the development and maintenance of an Information Security Management System (ISMS) which is operated in accordance with the requirements of ISO 27001. It will be supported with adequate resources to achieve the framework of stated objectives which are periodically reviewed by Top Management.
It is the policy of the Company to ensure that:
Roles and responsibilities will be assigned and that everyone is aware of the requirements of the policy
Information will be protected from loss of confidentiality, integrity and availability through the development of security policies and controls
Information security training will be available to all CreditRegistry people
All breaches of information security, actual or suspected, will be reported to, and investigated by, the Information Security Manager
All statutory, regulatory, customer and applicable requirements are always met
Guidance, policies, controls and procedures will be produced to support this policy
All Managers are directly responsible for implementing the Information Security Policy within their business areas
Safety of our information, intellectual property, assets, activities and facilities is one of CreditRegistry’s top priorities. Our approach to Information Security is to always maintain vigilance over our assets, to invest in technology, monitor processes and enhance people skills. This will improve the way we both manage our business and deliver services to our customers. Underpinning our approach to information security is our risk management framework which allows the business to present threats, risks and opportunities for management review which in turn allows for the Top Management Team to ensure the system appropriately supports our strategic goals and outcomes.
All our people have a legal obligation to comply with their statutory duties and to utilize the established management systems, procedures, practices, and training that are provided for themselves and the benefit of everyone we work with.
All CreditRegistry people will be given appropriate information, instruction, and training to have the right behaviours to encourage a safe and secure culture to always ensure data and information security integrity is maintained.
CreditRegistry will continually improve its information security system and monitor performance to prevent any security breaches. This policy and our performance will be reviewed at least annually with objectives and targets set and agreed with Top Management or soon should a significant change occur. CreditRegistry will make this policy available to its people, customers, and other interested parties.
A current version of this document has been communicated to all staff via email. Equally, it is available to all members of staff on the corporate SharePoint, and on the CreditRegistry customer facing website for customers and other external parties. It does not contain confidential information and can be released to relevant external parties.