ISMS Policy
1. Purpose: Gonana is committed to protecting the confidentiality, integrity, and availability of its information assets to safeguard its business operations, customers, and stakeholders. This Information Security Management System (ISMS) policy outlines the principles and framework by which Gonana manages its information security risks and ensures compliance with applicable legal, regulatory, and contractual requirements.
2. Scope: This policy applies to all Gonana employees, contractors, partners, and third parties with access to Gonana’s information systems, data, and infrastructure. It covers all forms of information, including electronic, physical, and verbal communications, as well as all technology assets.
3. Objectives: Gonana’s ISMS aims to:
Protect information assets from unauthorized access, disclosure, modification, destruction, or loss.
Ensure compliance with legal, regulatory, and contractual requirements.
Establish a risk management framework to identify, assess, and mitigate information security risks.
Promote and build trust among farmers, buyers, users and stakeholders by running and maintaining a secure ecosystem.
Promote a culture of security awareness among employees and stakeholders.
Continuously monitor and improve the effectiveness of the ISMS.
4. Responsibilities
Management:
Ensure the establishment, implementation, and maintenance of the ISMS.
Allocate necessary resources for effective information security management.
Review the ISMS regularly to ensure its continued suitability, adequacy, and effectiveness.
Employees:
Adhere to the ISMS policy and associated procedures.
Report any suspected or actual security incidents promptly.
ISMS Team:
Oversee the implementation and operation of the ISMS.
Conduct regular risk assessments and recommend appropriate controls.
Provide training and guidance to employees on information security practices.
5. Key Principles
Confidentiality: Ensure that sensitive information (e.g., user data, farm data, transaction details) is accessible only to those authorized to have access.
Integrity: Safeguard the accuracy and completeness of information and processing methods.
Availability: Ensure that authorized users have access to information and associated assets when required.
Risk Management: Identify, assess, and mitigate risks to Gonana’s information assets.
Compliance: Adhere to all applicable laws, regulations, and contractual obligations related to information security.
6. Risk Management Framework: Gonana adopts a risk-based approach to information security management, which includes:
Identifying information security risks through regular assessments.
Evaluating risks based on their potential impact and likelihood.
Implementing appropriate controls to mitigate identified risks.
Reviewing and updating risk assessments periodically and after significant changes.
7. Security Controls
Access Control: Limit access to information and systems based on roles and responsibilities.
Data Protection: Encrypt sensitive data in transit and at rest.
Incident Management: Establish procedures for detecting, reporting, and responding to security incidents, and conduct periodic security drills to ensure preparedness to tackle any security breach.
Physical Security: Protect physical assets and facilities against unauthorized access, damage, and theft.
Vendor and Third-Party Management: Ensure that third parties adhere to Gonana’s information security requirements, and include security clauses in contracts with partners and vendors.
8. Monitoring and Auditing: Gonana will regularly monitor, review, and audit its ISMS to ensure compliance and identify opportunities for improvement. Any non-conformities will be addressed through corrective actions.
9. Training and Awareness: Gonana will provide regular training to employees and stakeholders to ensure they understand their information security responsibilities and are equipped to comply with the ISMS policy.
10. Continuous Improvement: Gonana is committed to the continual improvement of its ISMS by:
Reviewing the policy and procedures periodically.
Incorporating feedback from audits, incidents, and stakeholder input.
Staying updated with emerging security threats and best practices.
11. Policy Review: This policy will be reviewed annually or whenever significant changes occur in Gonana’s operations or the regulatory environment. Updates to this policy shall be communicated to stakeholders.
12. Enforcement: Failure to comply with this policy will attract disciplinary measures, which may include termination of access to the platform or legal action where the need arises.
13. Approval: This ISMS policy is approved by Gonana’s senior management and is effective as of 6th January, 2025.