Civica Information Security and Data Protection Framework

This document is a technical report detailing Civica's information security and data protection framework. It outlines the company's commitment to maintaining data integrity and security through adherence to international standards such as ISO 27001 and ISO 22301. The report describes the management framework, which includes policies and procedures reviewed by executive leadership. It details the audit program for compliance monitoring and the independent verification process conducted by accredited auditors. The document also explains product security measures, including secure software development practices and ongoing security assessments. Additionally, it highlights operational security measures, including vulnerability assessments, access control protocols, and communications security. The report emphasizes the importance of human resources in data protection through background checks and mandatory training. Finally, it discusses incident management procedures to ensure business continuity and resilience during emergencies, including regular testing of disaster recovery plans and data backups.