Compliance

Information Security Policy

Last update: December 1st, 2025


1. Policy Statement

Codelaude is committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets to ensure that regulatory, operational, and contractual requirements are fulfilled. We recognize that information security is critical to our business success and the trust of our clients, partners, and other interested parties. Our Information Security Policy provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022.


2. Policy Objectives

The objectives of this policy are to:

  • Protect information assets from all threats, whether internal or external, deliberate or accidental.
  • Ensure compliance with applicable legal, regulatory, and contractual obligations.
  • Support business continuity by minimizing the impact of security incidents.
  • Ensure that information security risks are assessed, documented, and treated in a structured manner.
  • Promote a culture of security awareness and accountability across all levels of the organization.
  • Maintain the integrity of our services and products, including software development, consulting and support.

3. Commitment to Continual Improvement

Codelaude is dedicated to the continual improvement of its ISMS. We achieve this through:

  • Regular management reviews of ISMS performance.
  • Internal audits and corrective actions.
  • Monitoring security objectives and incident metrics.
  • Staying aligned with emerging threats and industry best practices.

4. Responsibilities

  • Top Management ensures the ISMS is aligned with the strategic direction of the organization.
  • Managers and Information Owners are responsible for enforcing security controls within their areas.
  • All employees and contractors are responsible for adhering to the information security policies, reporting incidents, and safeguarding assets.

5. Communication & Awareness

This policy is communicated to all relevant internal and external interested parties via:

  • Internal onboarding and periodic security awareness sessions.
  • Intranet and ISMS platform (ISMS.online) accessibility.
  • Regular updates following policy reviews or significant changes.

6. Review and Update

This policy is reviewed at least annually, or when significant changes occur, to ensure its continued suitability, adequacy, and effectiveness.


Questions

Any questions about this information security policy please contact us at support@codelaude.io.