1. Introduction 

This policy defines the overall framework of information security policies that have been developed and adopted within Hubtel’s Information Security Management System. 

Hubtel has decided to subscribe and adopted ISO/IEC 27001(Information Security Management System) in order that the effective adoption of information security best practice may be validated by an external third party. 

  1. Products and Services 

The following products and services are within the scope of the ISMS:  

  • Hubtel app (Android and iOS) 
  • Hubtel POS app (Android, iOS, Windows and USSD) 
  • Producer Portal 
  • Web checkout 
  • Messaging 
  • Direct APIs for businesses 
  1. Information Security Objectives 

Based on the requirements and factors set out in this document, the following major objectives are set for information security: 

  • Improve organizational information security awareness and training culture by 95% 
  • Increase the protection of confidential information of all clients/customers by 95% 
  • Ensure the Protection of all critical information assets and business processes by 95% 
  • Ensure 100% compliance to Information security regulations and laws 
  1. Top Management Leadership and Commitment 

Commitment to information security extends to senior levels of the organization and will be demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls. 

Top management will also ensure that a systematic review of performance of the programme is conducted on a regular basis to ensure that quality objectives are being met and quality issues are identified through internal and external audit programme and management processes. 

The Information Security Manager shall have overall authority and responsibility for the implementation and management of the Information Security Management System, specifically: 

  • The identification, documentation and fulfilment of information security requirements 
  • Implementation, management and improvement of risk management processes 
  • Integration of security in all processes 
  • Compliance with statutory, regulatory and contractual requirements 
  • Reporting to top management on performance and improvement 
  1. Continual Improvement Policy 

Hubtel’s top management is committed to continually improve the ISMS in the bid to comply with regulatory requirements, international standards and best practices. 

Hubtel policy regarding Continual Improvement is to: 

  • Continually improve the effectiveness of the ISMS 
  • Enhance current processes to bring them into line with good practice as defined within ISO/IEC 27001 standards. 
  • Maintain ISO/IEC 27001 certification on an on-going basis 
  • Increase the level of proactivity regarding information security  
  • Make information security processes and controls more measurable in order to provide a sound basis for informed decisions 
  • Review relevant metrics on an annual basis to assess whether it is appropriate to change them, based on collected historical data 
  • Obtain ideas for improvement via regular meetings with stakeholders and document them in a Continual Improvement Plan 
  • Review the Continual Improvement Plan at least once in a year in the ISMS Management Review Meetings (IMRM) in order to prioritise and assess timescales and benefits 

Ideas for improvements may be obtained from any source including employees, customers, suppliers, risk assessments and service reports. Once identified they will be added to the Continual Improvement Plan and evaluated by the Information security committee for Continual Improvement. 

You can always share your information security ideas and concerns with us via [email protected]