Information Security Policy

Fidelity Bank Information Security Policy Statement

Introduction

Fidelity Bank is committed to Information Security, which is embedded in the framework of our Information Security Management System (ISMS). Our ISMS adheres to international best practices and the ISO 27001 standard. This commitment aims to protect our information assets and ensure the confidentiality, integrity, and availability of sensitive information, particularly that of our customers. This policy serves as the foundational document from which all other security-related policies, procedures, and controls are derived.

Scope

This policy applies to all individuals, entities, and systems that interact with Fidelity Bank’s information assets, including employees, contractors, partners, consultants, and any third party with access to our systems and networks. It ensures that all parties with access to sensitive information implement the necessary security measures to safeguard against unauthorized access, alteration, disclosure, and destruction of data.

Information Security Objectives

The objectives of implementing the ISMS at Fidelity Bank are designed to support the organization in achieving its core mission and providing value to stakeholders. These objectives include:

Confidentiality, Integrity, and Availability (CIA): Ensuring the confidentiality, integrity, and availability of information, while also supporting other properties such as authenticity, accountability, non-repudiation, and reliability.

Business Continuity and Resilience: Providing assurance that critical information systems will remain operational and resilient in the face of disruptions, whether internal or external.

Protection of Information Assets: Safeguarding the critical information assets central to Fidelity Bank’s business operations by applying appropriate physical, technical, and administrative controls.

Security Awareness Culture: Building and continually improving a culture of information security awareness throughout the organization, ensuring all employees understand their responsibilities in maintaining information security.

Information Security Policy

This policy serves as the cornerstone of Fidelity Bank’s approach to information security, highlighting our commitment to the highest standards and establishing a clear framework for achieving our security objectives. Key components of the Information Security Policy include:

Access Control: Ensuring that access to information and systems is restricted to authorized users only, based on the principle of least privilege and need-to-know access.

Risk Management: Continuously identifying, assessing, and mitigating risks to information assets, business processes, and systems, ensuring that security controls are effectively managed and updated as required.

Incident Response: Defining clear procedures for detecting, responding to, and recovering from security incidents, ensuring a timely and effective response to minimize potential damage, data loss, or business disruption.

Confidentiality, Integrity, and Availability (CIA): Safeguarding the information assets to ensure that information is accurate, reliable, and available to authorized individuals when needed, while also preventing unauthorized access or modification.

Compliance and Continuous Improvement

Fidelity Bank is dedicated to ensuring full compliance with ISO 27001, as well as other applicable legal, regulatory, and contractual obligations. To achieve this, we will:

Regular Risk Assessments: Conduct periodic risk assessments to identify and evaluate potential threats, vulnerabilities, and impacts on information security. This will ensure the timely application of necessary mitigation measures.

Legal and Regulatory Compliance: Comply with all relevant laws, regulations, and contractual requirements related to the protection of sensitive information, including data protection regulations such as DPA and industry-specific requirements.

Continuous Improvement: Regularly review and update policies, procedures, and security controls to adapt to evolving threats and challenges, ensuring that the ISMS remains effective, relevant, and aligned with industry best practices.

Conclusion

By following this policy and adhering to the ISMS framework, Fidelity Bank reinforces its commitment to information security and demonstrates our dedication to protecting the confidentiality, integrity, and availability of our information assets. We strive to maintain the trust placed in us by our stakeholders and ensure the resilience of our information systems in a dynamic threat landscape.