PRIVACY POLICY

This privacy policy describes The Compass policies and procedures on the collection, use, as well as disclosure of your information when you subscribe to our services, it tells you how the law protects you and your privacy rights.

Personal Data Collected

We may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, but is not limited to:
• Email address
• Phone number
• Address
• Name
• Date of Birth

Use of your Personal Data
The company may use personal data for the following purposes:
• To provide and maintain our service.
• For the performance of a contract
• To contact you
• To provide you with news, special offers, and general information
• To manage your requests

Tracking Technologies and cookies
We use cookies to help you navigate efficiently and perform certain functions. Tracking technologies used are to improve our service. These cookies will only be stored in your browser with your prior consent. You can choose to enable or disable some or all of these cookies but disabling some of them may affect your browsing experience. You will find detailed information about all cookies under each consent category below:

Types of cookies?

Functionality Cookies
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features. The details of cookies that we capture are Browser, Country, Date, Number of visit times, IP Address, and Referrals.
Necessary Cookies
The cookies that are categorized as “Necessary” are stored on your browser as they are essential for enabling the basic functionalities of the site.
Analytics:
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

Administered by Cookeries
To whom we share your Personal data:
We share your personal data with Service providers and third-party organizations (Our Partners) based on the lawful purpose of processing.

Retention of your personal data
The Compass will retain your personal data only for as long as it is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations.

Security of your personal data
The security of your personal data is important to us and we have processes and necessary security tools in place to prevent unauthorized access or data breach

Your rights as a data subject
• Right to be Informed
• Right of Access:
• Right to Rectification:
• Right to Erasure:
• Right to Data portability:
• Right to Restrict processing:
• Right to Object:
• Right not to be subjected to a decision based solely on automated processing

Updates to this privacy policy
We regularly review and, when appropriate update this privacy policy from time to time as our services and use of personal data evolve. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. Also, we will notify you of any changes by posting the new privacy policy on this page.

CONTACT US
If you have any questions or complaints about our use of your information, we would prefer you to contact us directly so that we can address your complaint.
info@decompass.com ISMS Policy Statement
The Board and Management of The Compass which operates in the Information technology sector are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization, in order to preserve its asset, legal, regulatory as well as contractual, compliance and image.

The Information Security Management Systems (ISO 27001) requirements will continue to be aligned with organizational goals and is also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & Technology related risks to acceptable levels.

The Compass is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organizational goals. The Compass has aligned its processes and operations to the requirements of the ISO27001 standard to ensure, cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is, therefore, The Compass policy to ensure:
• Current strategy and Information Security Management Systems (ISMS) provide the context for identifying, assessing, evaluating, and controlling information/process/service-related risks through the establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with The Compass risk management strategy.
• Information security education, awareness and training are made available to all stakeholders
• All employees of The Compass and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
• The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.
• Management is committed to the continual improvement of the ISMS in the Organizations.
• Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.

The Board and Management of InfoAssure Limited which operates in the Information technology sector are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization, in order to preserve its asset, legal, regulatory as well as contractual, compliance and image.

The Information Security Management Systems (ISO 27001) requirements will continue to be aligned with organizational goals and is also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & Technology related risks to acceptable levels.

InfoAssure Limited is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organizational goals. InfoAssure Limited has aligned its processes and operations to the requirements of the ISO27001 standard to ensure, cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is, therefore, InfoAssure policy to ensure:

• Current strategy and Information Security Management Systems (ISMS) provide the context for identifying, assessing, evaluating, and controlling information/process/service-related risks through the establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with InfoAssure’s risk management strategy.
• Information security education, awareness and training are made available to all stakeholders
• All employees of InfoAssure and external parties identified in the Management Systems are expected to comply with this policy. All staff and certain external parties will receive or be required to provide evidence of receiving appropriate training.
• The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.

Management is committed to the continual improvement of the ISMS in the Organizations.

Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of employment/contract as well as legal action in line with the Cybercrime Prohibition Act 2015.

The Board and Management of The Compass are fully dedicated to upholding the confidentiality, integrity, and availability of all physical and electronic information assets in the organization. Our commitment is essential to safeguard our assets, adhere to legal and regulatory requirements, meet contractual obligations, and preserve our reputation.

We recognize the significance of the Information Security Management System (ISMS) in accordance with ISO 27001 and the Quality Management System (QMS) aligned with ISO 9001. These integrated systems are instrumental in achieving our organizational objectives, facilitating secure information sharing, optimizing electronic operations, and effectively mitigating information and technology-related risks.

Our Policy Ensures:

• The ISMS, complemented by the QMS, provides a strategic context for identifying, assessing, evaluating, and controlling information/process/service-related risks. It ensures the implementation and maintenance of robust controls aligned with our risk management strategy.
• Critical elements such as business continuity and contingency plans, data backup procedures, access controls to systems, and information security incident reporting are integral to this policy. All employees of The Compass bear the responsibility of promptly reporting incidents.
• Compliance with this policy is mandatory for all employees and external parties identified in the Integrated Management Systems. Adequate training will be provided to staff and certain external parties to ensure understanding and compliance.
• Continuous and systematic reviews of the ISMS and QMS will be conducted, to drive improvements, maintain effectiveness, and foster a culture of continual improvement.

The management is firmly committed to sustaining the excellence of the ISMS and QMS in The Compass.

Any breach of this policy, or security mechanisms may result in disciplinary measures; including termination of employment/contract, and legal action in accordance with the Cybercrime Prohibition Act 2015.

This policy statement, reflects our organization's commitment to securing information, delivering high-quality services and continuous enhancement, tailored to the specific context of an IT GRC and Cybersecurity consulting firm. The integration of ISMS and QMS ensures an efficient and effective approach to risk management and fostering confidence among our clients and stakeholders.