This policy reflects the commitment of Gecko Solutions to ensure the availability, integrity and confidentiality of information through the establishment, implementation, maintenance and continuous improvement of the Information Security Management System (ISMS), in accordance with the requirements of the standard ISO/IEC 27001:2022.
Gecko Solutions is dedicated to protecting the information of its users, partners and employees through the following principles:
- Implementing comprehensive information protection measures including physical, technical, and administrative controls based on Annex A of ISO/IEC 27001:2022
- Ensuring business continuity and minimizing the impact of security incidents through timely detection, response, and recovery processes
- Controlling risks by systematically identifying, assessing, and treating threats and vulnerabilities with appropriate protection measures
- Embedding security requirements into the design, development, and deployment of software solutions and infrastructure systems (security-by-design)
- Educating and raising awareness among employees about the importance of information security and their roles and responsibilities in safeguarding information assets
- Complying with all applicable legal, regulatory, and contractual obligations related to information security and data privacy
- Promoting continuous improvement of the ISMS by monitoring performance, conducting internal audits, and performing regular management reviews
- Facilitating open communication and cooperation with all relevant internal and external stakeholders
The responsibility for implementing and maintaining this policy lies with all employees, contractors, and partners of Gecko Solutions, supported by management’s leadership and oversight.
The Information Security Policy is reviewed at least annually and updated as necessary to reflect changes in the organizational context, risk landscape, regulatory requirements, and technological environment.
This policy and any associated information security documents are made available to interested parties as needed to ensure awareness and compliance.