IMS Policy Statement

At Safe Welkin Limited, we are committed to the implementation and continual

improvement of an Integrated Management System (IMS) that encompasses

Information Security, Business Continuity, Quality Management, and Data Privacy

in alignment with the requirements of ISO/IEC 27001:2022, ISO 22301:2019, ISO

9001:2015, and the Nigeria Data Protection Act, 2023.

The Board and Management of Safe Welkin Limited, an audit, risk and compliance

firm are committed to preserving the confidentiality, integrity, availability and

privacy of all physical and electronic information assets throughout the

organisation, to safeguard its assets, legal, regulatory, as well as contractual,

compliance, and image.

The Integrated Management Systems (ISO 27001, ISO 22301 and ISO 9001) requirements

will continue to be aligned with organisational goals and are also intended to be

an enabling mechanism for information sharing, electronic operations, and reducing

information & technology-related risks to acceptable levels.

Safe Welkin is committed to providing quality services to our customers, both

internal and external, by aligning Information Technology investments with

organisational goals.

Safe Welkin has also aligned its processes and operations to the requirements of

the ISO27001:2022, ISO22301:2019 and ISO 9001:2015 standards to ensure

business continuity, protection of its information assets and maximisation of

benefit/returns on IT investments.

It is therefore Safe Welkin’s policy to ensure:

• Safe Welkin’s current strategy and Integrated Management System (IMS)

provide the context for identifying, assessing, evaluating, and controlling

information/process-related risks through the establishment and maintenance

of the IMS. The risk assessment and risk treatment plan capture how

identified risks are controlled in alignment with Safe Welkin’s risk

management strategy.

• Business continuity and contingency plans, data backup procedures, systems

access control, and information security incident reporting are fundamental to

this policy. All employees of Safe Welkin shall have the responsibility of

reporting incidents.

• Information security education, quality management awareness and training

are made available to all stakeholders.

• All employees of Safe Welkin and external parties identified in the

Management Systems are expected to comply with this policy.

• The IMS shall be subject to continuous and systematic review with

improvements adopted, where necessary.

• Management is committed to the continual improvement of the IMS in the

organisation.

• Breach of the policy or security mechanism may warrant disciplinary

measures, up to and including termination of contract, as well as legal action

in line with the Cybercrime Prohibition Act 2015.

To uphold this commitment, we shall:

• Safeguard the confidentiality, integrity, and availability of all information

assets and client data;

• Maintain adequate controls and business continuity procedures to ensure the

uninterrupted delivery of our services.

• Consistently deliver high-quality certification and assurance services that

meet client expectations and applicable requirements;

• Foster a culture of continuous improvement, risk-based thinking, and

innovation;

• Comply with all relevant statutory, regulatory, and contractual obligations,

including data privacy laws and industry codes of conduct;

• Equip our workforce with the training, resources, and awareness needed to

uphold these principles in their day-to-day operations.

This policy shall be communicated to all stakeholders, reviewed periodically for

effectiveness, and serve as a framework for setting our IMS objectives.