1.0 Purpose

The purpose of this policy is to direct the design, implementation, and management of an effective Information Security Program, which ensures that Roboto Studio’s information assets are appropriately identified, recorded, and afforded suitable protection at all times. This document sets forth certain principles regarding the responsible use of information by Roboto Studio and outlines the roles and responsibilities of personnel to protect the confidentiality, integrity, and availability of Roboto Studio’s resources and data.

2.0 Scope

This policy covers Roboto Studio’s information and information systems, including information and information systems used, managed, or operated by a contractor or other vendors and is applicable to all Roboto Studio employees, contractors, and other users of Roboto Studio’s information and information systems.

3.0 Policy Statements

• Implement and maintain the Information Security Program at Roboto Studio.
• Continuously improve and align information security practices to global best practices and standards.
• Information security policies shall be reviewed regularly by management. Roboto Studio employees shall acknowledge their adherence to these information security policies and practices annually.
• Security awareness training shall be provided regularly.
• Internal assessments or audits of Roboto Studio’s Information Security Program shall be performed periodically, and any gaps or findings shall be remediated promptly.
• A risk assessment process for Roboto Studio’s information assets shall be defined and followed. Risk reduction shall be carried out through the process of continuous improvement.
• Roboto Studio’s information asset inventories shall be reviewed and updated when a new asset is added and/or an existing asset is upgraded.
• Business continuity plans (BCPs) and backup plans shall be reviewed and tested at least annually.
• Roles and responsibilities of staff shall be clearly defined and communicated to relevant individuals.
• Information should be classified and handled according to its criticality and sensitivity as mandated by relevant legislative, regulatory, and contractual requirements.
• Appropriate contacts shall be maintained with relevant authorities, special interest groups, or other specialist security forums.
• As needed, security incidents would be reported outside of Roboto Studio by a designated person nominated by the Executive Manager.
• Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed, and documented.
• Anti-virus and anti-malware solutions shall be deployed on system components.
• Prevention, detection, and recovery controls to protect against malware and phishing attacks shall be implemented by Roboto Studio, and these will be combined with appropriate user awareness.
• An incident management process shall be established to correctly identify, contain, investigate, and remediate incidents that threaten the security or confidentiality of Roboto Studio’s information assets.
• Roboto Studio shall develop and maintain a vendor management process for third-party vendor engagement and assessment.
• Change and vulnerability management controls shall be established and implemented.

4.0 Roles and Responsibilities

4.1 Roboto Studio Company Secretary

The Company Secretary shall be independent of management, provide oversight and direction for Roboto Studio’s Information Security Program. Their responsibilities include:

• Ascertaining that there is transparency regarding the significant risks facing Roboto Studio.
• Obtaining assurance that management has established responsibilities, processes, and technology for an effective Information Security Program.
• Using the output of any Information Management Program assessment to assist in risk management decisions to secure Roboto Studio’s information assets.

4.2 Roboto Studio Executive Manager

The Executive Manager shall provide directions and management support to employees with information security responsibilities at Roboto Studio. Responsibilities include:

• Defining and aligning the scope of the Information Security Program with Roboto Studio’s business requirements and security best practices and standards.
• Approving Roboto Studio’s information security policies, as well as changes or amendments to policies to ensure that overall information security posture is aligned with business requirements and risks.
• Ensuring that information security responsibilities have been assigned and are sufficient to comply with the Information Security Program.

4.3 Roboto Studio Chief Information Security Officer (CISO)

The CISO is responsible for the organization’s information and data security. Responsibilities include:

• Overall responsibility for implementing and ensuring information security in Roboto Studio.
• Monitoring continuous security improvements; reviewing and recommending applicable changes in the security policies and processes.
• Managing and improving the organization's Business Continuity Planning (BCP) and Disaster Recovery (DR) preparedness.
• Advising the Executive Manager on the standards or best security practices to adopt at the organizational level.
• Ensuring compliance with changing laws and applicable regulations.
• Communicating the Information Security policies and security programs to the organization through ongoing security training and awareness.
• Providing guidance and oversight for BCPs and Disaster Recovery Management for Roboto Studio.

4.4 IT Security Team

Responsibilities include:

• Maintaining all security tools and technology to secure and monitor systems effectively.
• Monitoring all operations and infrastructure by reviewing alerts and logs.
• Evaluating new technologies and assisting in the implementation of controls that reduce the risk of its operation.
• Conducting continuous reviews of policies and controls.

4.5 Recruitment Team (HR)

Responsibilities include:

• Determining the skills and requirements for positions in information security.
• Ensuring that employees and contractors are informed of their information security responsibilities.

5.0 Information Security Policies

This document, along with the rest of Roboto Studio’s information security policies, define the principles and terms of Roboto Studio’s Information Security Program, as well as the responsibilities of the users and employees in carrying out and adhering to the respective program requirements. Violations may result in corrective actions and the start of a disciplinary process.