1. Policy
• Mojo Soup understands that we are obliged (most of the times in our customer contracts) to
protect our customers information security.
• For the purposes of this policy, information includes any form of data or document stored within any management system whether that be electronic or physical.
• Mojo Soup will follow defined practices in relation to people, process and systems in order to
maintain information security to the requirements within our customer contracts.
• [FOR REVIEW] – Mojo Soup Directors to review and decide if we are to be certified and/or align our management systems with ISO/IEC 27001.
2. Related Procedures
• Annual Mojo Soup information security training
• Onboarding new staff and/or contractors
• Off-boarding staff and contractors
• Project Management procedures – particularly Project Initiation, Contract Management and Project Closures
• Software Development Procedures
• Specifically, when we have access to customers production data the following should be followed:
o (if required by customer) Any individual who has access to customer data is to sign a
confidentiality deed
o Mojo Soup are to nominate specific individuals that have access to production data and
environments and for what purpose, and these individuals must be approved by the
customer, including any change to nominate people or scope of access.
3. Related Work Instructions
• Use of Mojo Soup 1Password
4. Tools and systems
• Employment agreement
• Independent contractors agreement
• Supplier and customer terms and conditions
• Confidentiality agreements
• Mojo Soup 1Password vaults
• Office365 user management and other information security features