Information Security Policy Statement

• It is APNIC’s mandate that the information it manages shall be appropriately secured to protect against the consequences of breaches of confidentiality, failures of integrity or interruptions to the availability of that information.
• An Information Security Management System (ISMS) has been developed, implemented, maintained, and shall be continuously improved.
• APNIC’s ISMS provides management direction and support for information security across APNIC and establishes senior management’s commitment to establishing and monitoring its ISMS objectives
• APNIC follows a risk management framework to protect our systems and information from risks in accordance with their value
• The policy is applicable to all employees, contractors, consultants, and other workers at APNIC and its subsidiary, APNIC Foundation.
• APNIC will establish and maintain appropriate contacts with other organisations, law enforcement authorities, regulatory bodies, and network and telecommunications operators in respect of its information security policy
• APNIC is committed to identifying and complying with applicable requirements relating to information security
• Any non-conformances and information security incidents will be reported, investigated and suitable action taken in a systematic and timely manner.

As a benchmark, APNIC has implemented an Information Security Management System in accordance with the requirements of ISO 27001:2013 as a foundation for continual improvement. Information Security objectives have been established and are regularly reviewed.