RemitPro Ltd – Information Security Compliance Document

(ISO/IEC 27001:2022 Controls 8.10, 8.11, 8.12 & 8.33)
1. Introduction

RemitPro Ltd is committed to maintaining the confidentiality, integrity, and availability of all information assets. This document outlines the measures and policies in place to comply with ISO/IEC 27001:2022 controls 8.10 (Information Deletion), 8.11 (Data Masking), 8.12 (Data Leakage Prevention), and 8.33 (Information Backup).
2. Scope

This compliance document applies to:

  • All data and information systems within RemitPro Ltd’s operational environment.
  • All employees, contractors, and third-party service providers with access to RemitPro data.
  • All forms of data storage and transmission, including cloud and physical media.

3. Control 8.10 – Information Deletion

3.1 Policy Overview

RemitPro ensures secure deletion of data no longer required for operational, legal, or regulatory purposes. Secure deletion methods include cryptographic erasure and multi-pass overwriting to prevent data recovery.

3.2 Implementation

  • Retention schedules define how long data is kept based on business need and regulatory requirements.
  • Upon expiry or upon valid customer requests, data is securely deleted.
  • Secure disposal of physical media is performed by approved vendors with documented proof.
  • Deletion activities are logged for audit purposes.

4. Control 8.11 – Data Masking

4.1 Policy Overview

RemitPro applies data masking techniques to protect sensitive data, especially in non-production environments or where full data visibility is unnecessary.

4.2 Implementation

  • Sensitive data such as PII and financial data are masked or anonymized before use in development or testing.
  • Role-based dynamic masking ensures users only access data appropriate to their authorization level.
  • Masking formats comply with industry best practices, e.g., showing only the last four digits of account numbers.
  • Periodic reviews ensure masking effectiveness.
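The following is an added illustration of the masking rules described in 4.2, not RemitPro's own code or tooling. It shows format-preserving masking that reveals only the last four characters of an account number, plus role-based dynamic masking that fails closed for unknown roles. The role names, field names and the sample record are constructed for the example; the actual roles and authorization levels are an assumption.

```python
# Added example (not RemitPro's implementation): role-based dynamic masking
# of a customer record, with only the last four characters of account
# numbers left visible, as described in section 4.2.

# Constructed sample record; not real customer data.
SAMPLE_RECORD = {
    "name": "Jane Example",
    "email": "jane.example@example.com",
    "account_number": "GB29NWBK60161331926819",
    "balance": "1250.00",
}

# Hypothetical role-to-field policy: which roles may see which fields unmasked.
# Roles not listed here get nothing unmasked (fail closed).
ROLE_POLICY = {
    "support_agent": {"name"},
    "compliance_officer": {"name", "email", "account_number", "balance"},
    "developer": set(),  # non-production use: everything masked
}


def mask_account_number(value: str, visible_tail: int = 4, mask_char: str = "*") -> str:
    """Keep only the last `visible_tail` alphanumeric characters and mask the rest.

    Values no longer than the visible tail are masked entirely, so a short
    identifier never leaks in full through the "last four" rule.
    """
    chars = [c for c in value if c.isalnum()]
    if len(chars) <= visible_tail:
        return mask_char * len(chars)
    return mask_char * (len(chars) - visible_tail) + "".join(chars[-visible_tail:])


def mask_email(value: str) -> str:
    """Show the first character of the local part and the domain; mask the rest."""
    local, sep, domain = value.partition("@")
    if not sep or not local:
        return "*" * len(value)
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def mask_name(value: str) -> str:
    """Keep the initial of each name part, mask the remaining letters."""
    return " ".join(p[0] + "*" * (len(p) - 1) if p else p for p in value.split(" "))


# Field-specific maskers; fields without one are fully redacted.
MASKERS = {
    "account_number": mask_account_number,
    "email": mask_email,
    "name": mask_name,
    "balance": lambda v: "***",
}


def apply_dynamic_masking(record: dict, role: str) -> dict:
    """Return a copy of `record` with every field the role is not cleared for masked."""
    allowed = ROLE_POLICY.get(role, set())
    masked = {}
    for field, value in record.items():
        if field in allowed:
            masked[field] = value
        else:
            masked[field] = MASKERS.get(field, lambda v: "***")(value)
    return masked


if __name__ == "__main__":
    for role in ("developer", "support_agent", "compliance_officer", "unknown"):
        print(role, apply_dynamic_masking(SAMPLE_RECORD, role))
```

The masking decision is made per field at read time, which is what "dynamic" masking means in 4.2: the stored data is unchanged, and a role's view is derived from the policy table. For non-production copies (development or testing), the same functions can be applied once at export time so the sensitive values never reach the lower environment.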

5. Control 8.12 – Data Leakage Prevention (DLP)

5.1 Policy Overview

RemitPro deploys DLP solutions to prevent unauthorized transmission or exposure of sensitive data.

5.2 Implementation

  • Continuous monitoring of network traffic and endpoint data transfers.
  • Controls on email, cloud storage, removable media, and messaging platforms to block unauthorized data exports.
  • Employee training on data handling and leakage risks.
  • Incident response procedures for timely investigation and remediation of data leakage events.

6. Control 8.33 – Information Backup

6.1 Policy Overview

RemitPro ensures that backup copies of critical data and systems are created, maintained, and tested to guarantee data availability and integrity.

6.2 Implementation

  • Regular automated backups of databases, files, and configurations are scheduled and encrypted.
  • Backup data is stored securely, with access restricted to authorized personnel.
  • Backup integrity tests and restorations are performed periodically.
  • Backup retention aligns with business continuity and disaster recovery plans.
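The following is an added example of the backup integrity test and restore check described in 6.2; it is not RemitPro's backup tooling. It writes a small constructed backup set with a SHA-256 manifest, verifies the set against the manifest, performs a trial restore and verifies the restored copy, and shows that a modified or missing file is reported. Encryption of the backup and the storage location are outside the example and assumed to be handled by the backup system.

```python
# Added example (not RemitPro's implementation): SHA-256 manifest based
# integrity verification and trial restore of a backup set, as in section 6.2.
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample backup contents; not real RemitPro data.
SAMPLE_FILES = {
    "db/customers.sql": b"INSERT INTO customers VALUES (1, 'example');\n",
    "config/app.yaml": b"dlp:\n  enabled: true\n",
}

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup files are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_backup(root: Path, files: dict) -> Path:
    """Write the files and a manifest mapping relative path -> SHA-256 digest."""
    manifest = {}
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        manifest[rel] = sha256_file(p)
    mpath = root / MANIFEST_NAME
    mpath.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return mpath


def verify_backup(root: Path) -> list:
    """Return a list of problems; an empty list means every manifest entry matches."""
    manifest = json.loads((root / MANIFEST_NAME).read_text())
    problems = []
    for rel, expected in manifest.items():
        p = root / rel
        if not p.exists():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"digest mismatch: {rel}")
    return problems


def restore_test(backup_root: Path, restore_root: Path) -> list:
    """Trial restore: copy every manifest entry to restore_root, then verify the copy."""
    manifest = json.loads((backup_root / MANIFEST_NAME).read_text())
    for rel in manifest:
        dst = restore_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes((backup_root / rel).read_bytes())
    (restore_root / MANIFEST_NAME).write_bytes((backup_root / MANIFEST_NAME).read_bytes())
    return verify_backup(restore_root)


def demo() -> dict:
    """Run the full cycle in a temporary directory and return each check's findings."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        write_backup(backup, SAMPLE_FILES)
        clean = verify_backup(backup)
        restored = restore_test(backup, Path(tmp) / "restore")
        # Simulate silent corruption of one file, then loss of another.
        (backup / "config/app.yaml").write_bytes(b"dlp:\n  enabled: false\n")
        corrupt = verify_backup(backup)
        (backup / "db/customers.sql").unlink()
        missing = verify_backup(backup)
    return {"clean": clean, "restored": restored, "corrupt": corrupt, "missing": missing}


if __name__ == "__main__":
    for check, findings in demo().items():
        print(check, findings or "ok")
```

The manifest should be stored with the backup but its digest recorded separately (for example in the backup job log), so that an attacker or a storage fault that alters both a file and the manifest is still detectable. The trial restore is the part of the control that is most often skipped; a backup that verifies in place but cannot be restored does not satisfy 6.2.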

7. Roles and Responsibilities

  • Information Security Officer: Oversees policy enforcement and compliance monitoring.
  • IT Operations Team: Implements technical controls, manages backups, and maintains DLP solutions.
  • Employees: Comply with data handling policies and report security incidents promptly.
  • Third-Party Vendors: Required to follow RemitPro’s security policies under contractual obligations.

8. Monitoring, Review & Audit

  • Regular audits verify compliance with these controls.
  • Continuous monitoring tools detect policy violations and security incidents.
  • Policies and procedures are reviewed at least annually or upon significant changes.

9. Conclusion

RemitPro Ltd maintains robust information security controls in line with ISO/IEC 27001:2022 standards. These controls ensure secure data deletion, protect sensitive data through masking, prevent data leakage, and guarantee reliable backup and recovery processes — thereby upholding trust and regulatory compliance.