Information Security within SOFTONE cosmoONE

As a modern, forward-looking business, the Executive Team and Board of SOFTONE TECHNOLOGIES S.A. recognises the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders, and other stakeholders. To provide such a level of continuous operation, SOFTONE TECHNOLOGIES S.A. has implemented an Information Security Management System (ISMS) aligned with the International Standard for Information Security, ISO/IEC 27001. The operation of this ISMS provides significant benefit for the business, including:

  • Protection of revenue streams and company profitability

  • Ensuring the supply of Cloud services and Business Software solutions to customers

  • Maintenance and enhancement of shareholder value

  • Compliance with legal and regulatory requirements

  • Increased credibility in its target markets and

  • Improved brand value

An Information Security Policy is available in electronic form and will be communicated within the organization and to all relevant stakeholders and interested third parties. The commitment to the delivery of information security extends throughout the organization and its subsidiaries and will be demonstrated through the information security policy and the provision of appropriate resources to establish, develop, and continuously improve the ISMS in support of the company’s business objectives. This will include ongoing research into ways of improving the ISMS policies, procedures, processes, standards, infrastructure, and services to ensure the optimal management and security of information assets in the light of evolving threats. These improvements will be communicated to customers, employees, and shareholders. The Executive Team will use all reasonable efforts to ensure that the performance of the ISMS is reviewed on a regular basis, information security objectives are being met and relevant issues are identified and addressed. A risk management approach and process will be used which is line with the requirements and recommendations of ISO/IEC 27001. Risk management will take place at several levels within the ISMS, including:

  • Enterprise level risk assessments focused on strategic which will drive the information security objectives

  • Information systems risk assessments addressing risks to the strategic, tactical and operational objectives

  • Enterprise Risk Management focused on business risks

  • Assessment of risks to the achievement of our information security objectives

  • Regular information security risk assessments within specific operational areas

  • Assessment of risk as part of the business change management process

  • At the project level as part of the change management

We encourage all employees and other stakeholders in our business to ensure that they play their part in delivering our information security objectives.


Yours sincerely,

THE EXECUTIVE TEAM