Information
Security Policy

The Board and Management of Clinify which operates in the Health Information Technology sector are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization, in order to preserve its asset, legal, regulatory as well as contractual, compliance and image. The Information Security Management Systems (ISO 27001) requirements will continue to be aligned with organizational goals and is also intended to be an enabling mechanism for information sharing, electronic operations, and reducing information & Technology related risks to acceptable levels.

Clinify is committed to providing quality services to our customers, both internal and external by aligning Information Technology investments with organizational goals. Clinify has aligned its processes and operations to the requirements of the ISO27001:2022 standard to ensure cyber resilience, protection of its information asset and maximization of benefit/returns on IT investments.

It is therefore, Clinify’s policy to ensure:

  • Clinify’s current strategy and Information Security Management Systems (ISMS) provide the context for identifying, assessing, evaluating and controlling information/process-related risks through the establishment and maintenance of the ISMS. The risk assessment and risk treatment plan capture how identified risks are controlled in alignment with Clinify’s risk management strategy.
  • Information security education, awareness and training are made available to all stakeholders.
  • All employees of Clinify and external parties identified in the Management Systems are expected to comply with this policy.
  • The ISMS shall be subject to continuous and systematic review with improvements adopted, where necessary.
  • Management is committed to the continual improvement of the ISMS in the Organizations.
  • Breach of the policy or security mechanism may warrant disciplinary measures, up to and including termination of contract as well as legal action in line with the Cybercrime Prohibition Act 2015.