<aside> 📄 Document Classification - Restricted - Internal Use Only

</aside>

1.0 Purpose and Scope

1.1 Purpose

Scimitar Group is dedicated to being a top-tier provider of services, including software and technology, utilising our expert sector knowledge to offer measurable business advantages to our clients.

Through this policy, senior management reaffirms its commitment to mandate and uphold the risk management policy and framework, as detailed in the subsequent sections of this document.

1.2 Scope

This policy, an integral component of the information security management system (ISMS) applies to all divisions, sectors, employees and locations that are part of the Scimitar Group.

2.0 Policy Management

2.1 Organisation of Information Security

Organisational roles and responsibilities for the ongoing management and maintenance of the ISMS, along with the operational structure are detailed in [Referenced Document].

2.2 Policy Enforcement, Audit and Review

In accordance with [Referenced Document]:

• Adherence to this ISMS policy is mandatory unless approved as part of policy exception management.
• Exceptions and evidence of adherence to, or breach of, policy are formally managed, recorded, reported, and reviewed.

Review of this policy is formally undertaken and recorded in [Referenced Document].

3.0 Introduction

Managing risk and opportunity is a key strategic activity for the Scimitar Group’s success.

Scimitar’s Risk Management Framework (RMF) explains and enables practitioners to:

• Identify and address risks broadly at the enterprise level - not solely within the IT department