ISOLS is committed to protecting the confidentiality, integrity, and availability of all information assets through a continuously improving Information Security Management System.
This policy establishes the framework and management commitment required to actualise ISOLS's information security objectives across all operations, services, and geographies.
"Isolutions Associates is committed to the confidentiality, integrity, and availability of her information assets and shall implement measures through the establishment, implementation, maintenance, and continual improvement of an information security management system to protect the organisation's information assets against all threats.
Users of Isolutions Associates information and information assets shall comply with this policy and exercise a duty of care in relation to the operation and use of Isolutions Associates information and information systems.
Isolutions Associates shall comply with all applicable regulations and contractual requirements related to information security in her operations and services.
This information security policy states management's commitment and establishes the framework for the actualisation of Isolutions Associates information security objectives."
Every control, process, and measure at ISOLS is designed to uphold these three foundational principles.
Information is accessible only to those authorised to access it. We enforce strict access controls, encryption, and data classification across all systems.
Information is accurate and complete, and is not modified without authorisation. We maintain audit trails, checksums, and change management controls.
Authorised users have reliable access to information and systems when required. We maintain resilient infrastructure, redundancy, and incident response plans.
The policy establishes clear obligations for the organisation, its staff, and its partners.
ISOLS shall establish, implement, maintain, and continually improve an Information Security Management System (ISMS) in accordance with ISO/IEC 27001. The ISMS provides the systematic framework for managing information security risks and controls across the entire organisation.
Every individual who accesses or uses ISOLS information assets — including employees, contractors, and partners — must comply with this policy. Each user bears a duty of care in the responsible operation and use of ISOLS information and information systems.
ISOLS shall comply with all applicable laws, regulations, and contractual obligations related to information security within every jurisdiction it operates. This includes data protection legislation, sector-specific requirements, and client contractual obligations.
This policy provides the governing framework from which all information security objectives are derived. Security objectives are set at relevant functions and levels, reviewed regularly, and updated to reflect the evolving threat landscape and business context.
Our information security programme is built on internationally recognised frameworks.
Our ISMS is designed and operated in alignment with the international standard for information security management systems, driving a risk-based approach to protecting information assets.
Learn More →We map our security controls to the NIST CSF — Identify, Protect, Detect, Respond, Recover — to ensure a comprehensive and resilient security posture for our clients and operations.
ISOLS complies with applicable data protection laws across East Africa, including the Kenya Data Protection Act, 2019, and equivalent legislation in Uganda, Tanzania, Rwanda, and Ethiopia.
Data Protection →ISOLS practices what it preaches. The same standards and controls we apply to our own operations are the foundations of the managed security services we deliver to our clients.