This statement contains a list of all Annex A controls, justification for inclusions and exclusion and the way we have implemented them.


We recognize the value of information and privacy and have therefore implemented an information security management system to control all our efforts towards information security. This policy applies to all individuals who have access to sensitive information, including employees, contractors, and third-party vendors.

The Information security policy applies to all stakeholders of our organization at Hook0.


  • The responsibility for all information security efforts has been appointed to the Security officer
  • Policies and procedures documents will be kept up to date and made available to all relevant stakeholders
    Information security awareness training will be provided to all employees
  • Organizational and technical measures will be put into place to protect information assets
  • Procedures will be put into place to correct and prevent any deviations and incidents
  • We comply with all laws and regulations in our jurisdiction
  • To continuously improve ourselves, we review and define new Objectives
  • To provide assurance to our stakeholders, we seek compliance to ISO 27001


This policy applies to all information that is collected, stored, and processed by our organization. This includes customer data, access credentials, and other sensitive information.

Roles and Responsibilities

All individuals with access to sensitive information are responsible for protecting that information in accordance with this policy. This includes:

  • Ensuring that access to sensitive information is restricted to authorized individuals only
  • Protecting access credentials and other sensitive information from unauthorized access or disclosure
  • Reporting any potential security incidents or breaches to the Information Security team

Information Security Measures

Our organization has implemented a number of measures to prevent, detect, and respond to security incidents. These measures include:

  • Implementing strong password policies and requiring the use of two-factor authentication
  • Regularly monitoring and auditing access to sensitive information
  • Conducting regular security assessments and vulnerability scans
  • Providing employees with training on information security best practices
  • Establishing incident response procedures to quickly and effectively address potential security incidents

Policy Compliance

Individuals who do not comply with this policy may be subject to disciplinary action, up to and including termination of employment.

Policy Review

This policy will be reviewed and updated on an annual basis, or as needed to reflect changes in technology, business practices, and regulatory requirements.