Information and Cybersecurity Policy Statement

INFORMATION AND CYBERSECURITY POLICY STATEMENT

FBC Holdings Limited is a diversified financial services company with interests in commercial banking, mortgage lending, direct insurance, reinsurance, securities broking and microfinance. The company is primarily domiciled in Zimbabwe but has greenfield operations in Botswana.

FBC has put in place Information Security Management Systems in order to ensure the confidentiality, integrity and availability of all processing services, both internal and external. FBC considers Information Security aspects as a top priority for customer confidence and the protection of the brand.

The scope of the Information Security Management System is:

· Information Resources – All data related to the organization’s operations, people, and partners, regardless of how it's created or shared.

· Technologies – All technology used to handle information, from creation to disposal.

· Information Systems – All systems, applications, networks, and services used by or for the organization.

· Locations – All sites where the organization’s people, systems, or data are based.

· Personnel – All authorized users, including employees, contractors, vendors, and partners.

 

FBC Holdings Limited shall continue to ensure confidentiality, integrity, and availability of the organization’s computing and information system assets, information, data, configuration items, and components, and shall maintain the organization’s information security management system in accordance with ISO/IEC 27001:2022 international standard, and other applicable statutory and regulatory requirements.

 

This is achieved by:

  •  Establishing, implementing, and maintaining an information security management system (ISMS), including information security objectives, as well as continually improve the effectiveness of its ISMS.
  • Designating the Chief Information Security Officer (CISO) as the Management Representative for Information Security efforts across the organization. The CISO is responsible and accountable for establishing, maintaining, and disseminating the organization's Information and cybersecurity policy to the rest of the organization and other interested parties (stakeholders).
  •  Ensuring that the communication and awareness need of the FBC's Information Security Management System (ISMS) shall be by the ISMS Communication Plan
  • Establishing Information Security objectives in support of this information and Cybersecurity policy and it is based on the standard ISO 27001:2022.
  • Planning the Information Security to contain activities required to meet the organization's information and Cybersecurity policy and its information security management objectives.
  • Regularly reviewing how well the Information Management processes and procedures are being adhered to through auditing.
  • Ensuring all staff of FBC Holdings Limited (and interested parties/stakeholders) adheres strictly to the organization's Information and Cybersecurity Policy.
  • Driving continual improvement within the Information Security Management System, in accordance with established objectives, make recommendations for improvements and reviewing at least annually or after a major change in the organization's systems and operations.