IMS Policy Statement

1. Our Commitment

The Board and Management of Mansu, which operates in the Financial Technology sector, are committed to preserving the confidentiality, integrity, and availability of all physical and electronic information assets throughout the organization, to preserve its assets, legal, regulatory, as well as contractual, compliance, and image.

The Integrated Management Systems (ISO 27001 and ISO 22301) requirements will continue to be aligned with organizational goals and is also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & technology-related risks to acceptable levels.

2. Quality Service Commitment

Mansu is committed to providing quality services to our customers, both internal and external, by aligning Information Technology investments with organizational goals.

Mansu has aligned its processes and operations to the requirements of the ISO27001:2022 and ISO22301:2019 standard to ensure business continuity, protection of its information asset and maximization of benefit/returns on IT investments.

3. Policy Objectives

It is therefore Mansu's policy to ensure:

• Preservation of confidentiality, integrity, and availability of information assets
• Alignment of IT investments with organizational goals
• Compliance with ISO 27001:2022 and ISO 22301:2019 standards
• Business continuity and protection of information assets
• Maximization of benefit and returns on IT investments

4. Risk Management Strategy

Mansu's current strategy and Integrated Management System (IMS) provide the context for identifying, assessing, evaluating, and controlling information/process-related risks through the establishment and maintenance of the IMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with Mansu's risk management strategy.

5. Business Continuity and Security

Business continuity and contingency plans, data backup procedures, systems access control, and information security incident reporting are fundamental to this policy.

All employees of Mansu shall have the responsibility of reporting incidents to ensure the integrity and security of our information systems.

6. Information Security Education

Information security education, awareness and training are made available to all stakeholders to ensure everyone understands their role in maintaining our security posture and compliance requirements.

7. Compliance Requirements

All employees of Mansu and external parties identified in the Management Systems are expected to comply with this policy. This includes adherence to established procedures, reporting requirements, and security protocols.

8. Continuous Improvement

The IMS shall be subject to continuous and systematic review with improvements adopted, where necessary. This ensures our systems remain effective and aligned with evolving business needs and regulatory requirements.

Management is committed to the continual improvement of the IMS in the organization through regular assessments, updates, and enhancements to our processes and procedures.

9. Legal Compliance and Enforcement

Breach of this policy or security mechanism may result in disciplinary measures, including termination of contract, and may attract legal action under applicable national laws, which may impose fines, prosecution, or other sanctions as prescribed by law.

10. ISO Standards Compliance

Our IMS framework is built upon internationally recognized standards:

• ISO 27001:2022 - Information Security Management Systems
• ISO 22301:2019 - Business Continuity Management Systems

These standards provide the foundation for our comprehensive approach to information security and business continuity management.

11. Contact Information

For questions about this IMS Policy or to report security incidents, please contact us: