The English version of legal agreements and policies is considered as the only current and valid version of this document. Any translated version is provided for your convenience only, to facilitate reading and understanding of the English version. Any translated versions are not legally binding and cannot replace the English versions. In the event of disagreement or conflict, the English language legal agreements and policies shall prevail.
**Last revised: 2025-12-30**
### Information Security Policy
The **Information Security Policy** (“IS Policy”) applies to information managed by **NOX INFOTECH** (“NOX INFOTECH”).
#### Focus of the IS Policy
The IS Policy ensures the **accessibility**, **authenticity**, **integrity**, and **confidentiality** of information. It complies with applicable legislation, including the **Digital Personal Data Protection Act, 2023** (DPDP Act), the **Information Technology Act, 2000** and its rules, and aligns with the **ISO/IEC 27001:2022** standard (“Information technology – Security techniques – Information security management systems – Requirements”) in the context of NOX INFOTECH's web hosting, domain registration, and related services.
#### Implementation of the IS Policy
NOX INFOTECH implements the IS Policy through risk assessments that identify threats and vulnerabilities affecting managed information. This improves the information security management system and reduces identified risks to an acceptable level.
#### Goals of the IS Policy
- Prioritize protection of confidential information and personal data against unauthorized disclosure or use.
- Ensure information remains timely accessible to authorized persons and used only as permitted.
- Maintain information relevance and sufficiency to identify its source and the person who created and/or processed it.
- Prevent illegal changes, destruction, or loss of information.
- Protect information from intentional or accidental disclosure to unauthorized persons.
- Provide periodic training and instruction to internal users on information security issues.
NOX INFOTECH implements the IS Policy alongside cyber security and business continuity policies. It follows principles of complexity, procedural approach, separation of functions, informal enforcement, resistance to social engineering, avoidance of security fatigue, need-to-know, proportionality, balance, and efficiency.