Information Security Policy
1. Purpose of the Policy
This Information Security Policy sets out Flaxur’s approach to protecting information and information systems against unauthorised access, loss, misuse, or disruption. The policy supports the organisation’s commitment to confidentiality, integrity, and availability of information in the course of its activities.
Information security is essential to maintaining trust with programme participants, partners, donors, and stakeholders.
2. Scope of the Policy
This policy applies to:
- All information created, received, stored, or processed by Flaxur
- All systems, platforms, and digital tools used in support of Flaxur’s activities
- All individuals acting on behalf of Flaxur, including directors, staff, volunteers, consultants, and authorised partners
The policy covers both digital and physical information assets.
3. Information Security Principles
Our approach to information security is guided by the following principles:
Confidentiality
Information is accessible only to authorised individuals and used solely for legitimate purposes.
Integrity
Information is accurate, complete, and protected from unauthorised modification or destruction.
Availability
Information and systems are available to authorised users when required to support Flaxur’s operations and programmes.
4. Information Assets
Information assets covered by this policy include, but are not limited to:
- Personal data and records
- Programme and operational documents
- Financial and administrative information
- Digital communications and correspondence
- Website content and backend systems
Flaxur seeks to ensure that information assets are identified, appropriately protected, and used responsibly.
5. Access Control
Access to information and systems is restricted to individuals who require it for legitimate organisational purposes. Measures may include:
- Role-based access permissions
- Use of passwords or authentication controls
- Limiting administrative access to authorised personnel only
Access rights are reviewed periodically and adjusted as roles or responsibilities change.
6. Use of Systems and Devices
Information systems and devices used for Flaxur activities must be used responsibly and in accordance with organisational guidelines. This includes:
- Protecting login credentials.
- Avoiding unauthorised software or tools.
- Taking reasonable steps to prevent loss or misuse of devices.
- Reporting suspected security incidents promptly.
Where personal devices are used, reasonable care is expected to safeguard organisational information.
7. Data and Information Protection Measures
Flaxur applies appropriate technical and organisational measures to protect information, which may include:
- Secure hosting environments
- Password protection and authentication controls
- Regular system updates and maintenance
- Controlled sharing of files and documents
Security measures are proportionate to the sensitivity of the information and the level of risk involved.
8. Third-Party Services and Systems
Flaxur may rely on third-party service providers for website hosting, email, cloud storage, analytics, or other operational needs. Where third-party services are used:
- Reasonable consideration is given to their security practices.
- Access to information is limited to what is necessary.
- Services are selected to support responsible handling of information.
Flaxur does not transfer responsibility for information security when using external services.
9. Incident Management
Any suspected or actual information security incident, including unauthorised access, data loss, or system compromise, should be reported promptly through appropriate internal channels.
Flaxur will take reasonable steps to assess incidents, mitigate risks, and respond in line with applicable policies and legal requirements.
10. Awareness and Responsibility
All individuals acting on behalf of Flaxur share responsibility for information security. This includes:
- Handling information with care.
- Following organisational policies and procedures.
- Raising concerns or risks in good faith.
Information security is treated as an ongoing organisational responsibility, not a one-time activity.
11. Relationship to Other Policies
This policy should be read in conjunction with:
- Other relevant internal policies
Together, these documents support Flaxur’s overall approach to responsible information management.
12. Review and Updates
This Information Security Policy is reviewed periodically to ensure it remains appropriate to Flaxur’s operations, technology environment, and risk profile. Updates will be published on the Flaxur website as required.
13. Contact
Questions or requests relating to information security may be directed to:
Email: compliance@flaxur.org