RezExpert Security Policy based on ISO 27001

Version: 1.1

Date: January 1, 2024

Purpose

To provide guidelines and procedural framework for the secure operation, administration, and management of the RezExpert property management system, in alignment with ISO 27001 standards.

Scope

This policy applies to all employees, contractors, vendors, and third-party service providers who have access to or interact with RezExpert and associated data.

Normative References

Roles and Responsibilities

Policy Objectives

Policies and Controls

Access Control (ISO 27001, A.9)

Operations Security (ISO 27001, A.12)

Cryptographic Protection (ISO 27001, A.10)

Physical and Environmental Security (ISO 27001, A.11)

Communications Security (ISO 27001, A.13)

Incident Management (ISO 27001, A.16)

Compliance (ISO 27001, A.18)

Awareness and Training (ISO 27001, A.7)

Implementation and Monitoring

This policy will be implemented immediately upon approval. Compliance will be continuously monitored through internal audits and vulnerability assessments. The policy will be reviewed annually or after significant changes to the business environment or technology stack.