1. Introduction
The purpose of this document is to define the role that CardExchange Solutions Inc’s Senior Management takes in ensuring commitment to information security, the development and propagation of this policy, and the assignment of appropriate information security roles, responsibilities and authorities to protect CardExchange Solutions Inc’s assets from all relevant threats, whether internal or external, deliberate or accidental.
2. Objective
CardExchange Solutions Inc, which develops desktop ID card and visitor management software and cloud-based credential management solutions, is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets (information assets include data or other knowledge stored in any format on any system that has value to an organisation, and should be logged) throughout the organisation in order to compete in the marketplace and maintain its legal, regulatory and contractual compliance and commercial image.
To achieve this, CardExchange Solutions Inc has implemented an information security management system (ISMS) in accordance with the international standard ISO/IEC 27001:2022 requirements. The ISMS is subject to continual, systematic review and improvement.
3. Roles and responsibilities
- The Chief Executive Officer (CEO) is responsible for setting and approving the Information Security Policy.
- The Information Security Manager is responsible for ensuring that roles, responsibilities and authorities are appropriately assigned, maintained and updated as necessary.
- All Employees/Staff are responsible for adhering to the requirements of the Information Security Policy and for fulfilling any duties related to assigned roles, responsibilities or authorities. The consequences of breaching the Information Security Policy are set out in CardExchange Solutions Inc’s disciplinary policy and in contracts and agreements with third parties.
4. Policy Objectives
It is the policy of CardExchange Solutions Inc that:
- Information is made available to all authorized parties with minimal disruption to the business processes.
- Information security and privacy risks are managed.
- The integrity of this information is maintained.
- Confidentiality of information is preserved.
- Regulatory, legislative and other applicable requirements related to information security are met.
- Appropriate information security and privacy objectives are defined and measured.
- Appropriate business continuity arrangements are in place to counteract interruptions to business activities and these take account of information security.
- Appropriate information security and privacy education, awareness and training are available to staff and relevant others, e.g. suppliers, working on behalf of CardExchange Solutions, Inc.
- Breaches of information security or privacy and security incidents, actual or suspected, are reported and investigated through appropriate processes.
- Appropriate access control is maintained and information is protected against unauthorized access.
- Continual improvement of the ISMS is made as and when appropriate.
- There is a commitment to achieving, supporting and managing compliance with all applicable PII legislation, including the contractual terms agreed between CardExchange Inc and its clients.
This policy is approved by the Chief Executive Officer (CEO) and is reviewed at regular intervals or upon significant change.
This policy is communicated to all Employees & Contractors within CardExchange Solutions Inc and is available to customers, suppliers, stakeholders and other interested parties upon request.
Document owner and approval
The Chief Technology Officer (CTO) is the owner of this document and is responsible for ensuring that it is reviewed in line with the review requirements of the management system. For more information please email