Call Us: +254-20-2675208 | Email: info@cragroup.co.ke

Information Security Policy Statement

Policy Statement


Computer Revolution Africa Group Limited (CRAG) is committed to protecting the fundamental human right to privacy.

This Privacy Statement, applies to personal data that CRAG collects and handles for the purposes of providing CRAG products and services to the vis. For the purposes of this Privacy Statement, “Personal data” means any information relating to an identified or identifiable natural person.

CRAG is registered with the Office of the Data Protection Commission as both a Controller and a Processor.

CRAG has established Information Security Policies which supports the strategic aims of the business and is committed to maintaining and improving information security within the Company and minimising its exposure to all risks. The policy is as follows:

1. Ensure the confidentiality of employee, corporate and client information and the protection of that information against unauthorised access;
2. Maintain the integrity of all information and ensure the availability of all information as required by law;
3. Provide information security training and awareness for all employees;
4. Supply information to all relevant business process and employees as required and for the approved purpose;
5. Meet all regulatory and legislative requirements;
6. Maintain and regularly test disaster recovery and business continuity plans for its business activities;
7. Ensure that breaches of Information Security, actual or suspected will be reported and investigated by the responsible team and opportunities for improvement will be identified and implemented immediately;
8. Adhere to the requirements of ISO 27001;
9. Communicate this policy statement both internally and externally and on request;

This policy is dynamic, and the CRAG Management Team commit to continual improvement through a process of ongoing management reviews, risk assessments, regular internal/external audits and security incident reporting.