Information Security Policy

Fully committed to ensuring the Confidentiality, Integrity, and Availability of information, Mazars in the Philippines has adopted an Information Security Management System (ISMS) to effectively protect the information of the organization and its stakeholders including clients from security threats, whether internal or external, deliberate, or accidental.

The management of Mazars in the Philippines is committed to ensure that:

1. Organizational Commitment: Mazars management team is committed to establishing, implementing, and maintaining an effective ISMS by ISO27001 requirements.
2. Risk Management: We are committed to identifying and managing information security risks through a systematic risk assessment and treatment process.
3. Compliance with Legal and Regulatory Requirements: We pledge to comply with all relevant legal, regulatory, and contractual obligations related to information security.
4. Communication and Awareness: We will promote information security awareness throughout the organization, ensuring that all employees understand their roles and responsibilities.
5. Employee Training: We will ensure that adequate training and awareness programs will be implemented to ensure that employees understand their responsibilities and contribute to the overall success of ISMS.
6. Review and Audit: Regular reviews and audits of the ISMS will be conducted to ensure its effectiveness and identify opportunities for improvement.
7. Documentation and Records: Appropriate documentation and record-keeping practices will be implemented to demonstrate conformity with ISO27001 standards.
8. Continuous Improvement: We are committed to a culture of continual improvement, regularly reviewing the ISMS to enhance its effectiveness and adapt to changing circumstances.

Mazars in the Philippines will continually improve and enhance our performance through the setting of information security objectives and performance indicators that are monitored, reviewed, and acted upon.
Appropriate resources are allocated by the Top Management to implement and operate an effective Information Security Management System.

This Information Security Policy will be reviewed regularly and will be communicated to all relevant interested parties using the appropriate methods.