How we protect your data

As part of our holistic view of data security we understand that technical solutions on their own are not enough to meet our information security goals. In order to identify and manage risks and threats from all angles in a systematic and measured way, we have implemented an Information Security Management System (ISMS) in line with the ISO 27001 standard.

Our ISMS has been designed to cover a broad range of security aspects encompassing technical, organisational, business process, legal and personnel, based on tried and proven international security best practices. It guides and informs our day to day business processes ensuring we meet our security objectives in a consistent, measurable manner. We aim to protect the confidentiality, availability and integrity of customer data.

• Confidentiality: protect from unauthorised access to data and systems. Protect against inadvertent information disclosure.
• Integrity: protect from unauthorised modification or deletion of data. Protect from data corruption.
• Availability: protect systems from unscheduled downtime caused by denial of service attacks, software or hardware failures, software malfunction, disruption to access routes.

Key objectives

• Meeting and exceeding our commitment to our customers to maintain the highest standard of information security by maintaining our ISMS in accordance with the ISO27001 standard.
• Secure design, coding and operation of our platform to minimize operational and cybersecurity risks to customers.
• Ensuring our staff are equipped with the knowledge and tools required to meet security objectives, including relevant training.
• Manage changes to our key systems, infrastructure and business processes in a controlled manner.
• Reduce risk by carrying out periodic risk assessments and identifying our biggest weaknesses; addressing those weaknesses methodologically.
• Ensure consistent information security awareness among staff through the implementation of regularly reviewed and audited policies, processes and controls.
• Comply with legal and legislative requirements.
• Protect the Dashi Cyber brand by engaging with trusted partners and suppliers who can demonstrate compliance with best practices in information security.
• Continuous improvement in all areas of information security.

Information Security Responsibilities

• Senior management are ultimately responsible of the development, implementation and management of the ISMS
• Senior management regularly review the ISMS for applicability, scope and effectiveness.
• A responsible person is assigned to each information asset and risk. This person is responsible for managing asset security and addressing risk.
• A company-wide information classification policy has been established and communicated to all members of staff and contractors.
• All staff including contractors are bound by our information security policies at all times.

Security Management

• Information assets are systematically assessed for risk and adequately protected with technological and policy based controls.
• Processes for escalating incidents and risks have been implemented and tested.
• Comprehensive security policies covering IT, HR, suppliers, business continuity, information and equipment lifecycle management and acceptable use policies have been implemented and are adhered to.
• A continuous security focused staff training program has been implemented.
• All suspected and confirmed breaches of information security will be reported to and investigated by senior management.
• Our ISMS and related security controls are regularly assessed and reviewed.