Information Security Management System (ISMS) Policy

1. Purpose

Orel Technology Solutions Inc. is committed to protecting its information assets from all threats—whether internal or external, deliberate or accidental. This Information Security Management System (ISMS) Policy establishes a framework to ensure the confidentiality, integrity, and availability of information, aligned with business objectives and regulatory requirements.

---

2. Scope

This policy applies to all employees, contractors, consultants, partners, and third parties who have access to Orel Technology Solutions Inc.’s information systems, networks, and data. It covers all information assets, including digital, physical, and intellectual property, regardless of format or location.

---

3. Objectives

The objectives of this ISMS Policy are to:

• Safeguard company and client information against unauthorized access, disclosure, alteration, or destruction
• Ensure business continuity and minimize risk of disruption
• Comply with applicable legal, regulatory, and contractual requirements
• Promote a culture of security awareness and responsibility
• Continuously improve the organization’s information security posture

---

4. Policy Statements

Orel Technology Solutions Inc. shall:

• Implement and maintain an ISMS aligned with internationally recognized standards such as ISO/IEC 27001
• Identify, assess, and manage information security risks through a structured risk management process
• Establish appropriate security controls to mitigate identified risks
• Ensure all personnel understand their information security responsibilities
• Protect sensitive and confidential information through access controls and data classification
• Monitor, detect, and respond to information security incidents in a timely manner
• Regularly review and update security policies, procedures, and controls
• Ensure secure use of information systems, including remote work environments
• Enforce compliance through audits, monitoring, and disciplinary procedures where necessary

---

5. Roles and Responsibilities

• Top Management: Provides leadership, resources, and strategic direction for ISMS implementation and continuous improvement
• Information Security Officer (ISO): Oversees ISMS governance, risk management, and compliance activities
• Employees and Users: Must comply with all security policies, report incidents, and protect company assets
• IT Department: Responsible for implementing and maintaining technical security controls

---

6. Risk Management

Orel Technology Solutions Inc. adopts a risk-based approach to information security by:

• Identifying critical assets and associated risks
• Evaluating the likelihood and impact of threats
• Applying appropriate controls to reduce risks to acceptable levels
• Periodically reviewing and updating risk assessments

---

7. Compliance

The company complies with all relevant legal, regulatory, and contractual obligations related to information security and data protection. Non-compliance may result in disciplinary action and legal consequences.

---

8. Continuous Improvement

The ISMS will be continuously monitored, reviewed, and improved to adapt to evolving threats, technologies, and business requirements. Internal audits and management reviews will be conducted regularly.

---

9. Policy Review

This policy shall be reviewed at least annually or whenever significant changes occur in the organization, technology, or regulatory environment.

---

10. Enforcement

Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and possible legal action.