ISMS External Communication Statement

Vigilant Applications Limited (“Vigilant”) is certified to the ISO 27001 : 2013 (Citation certification number 409242023), the international standard for information security. The framework for ISO27001 requires organisations to identify information security risks and select appropriate controls to tackle them in order that the Confidentiality, Integrity and Availability (CIA) of information it holds and processes, either for itself or on behalf of another organisation, is maintained.

Certification and ongoing compliance to ISO 27001 : 2013 requires that a suitable Information Security Management System (ISMS) be established and maintained.

Vigilant has a comprehensive ISMS in place covering all aspects of its operations. A copy of the company’s current Statement of Applicability against which the ISMS has been implemented and the associated controls measures that have been put in place may be made available on request to third parties (including customers, suppliers and other stakeholders) with a legitimate requirement. Release of this information shall be subject to both the prior approval of a Vigilant Director and the recipient’s explicit agreement to maintaining appropriate confidentiality provisions relating to the information disclosed. Any such disclosure shall be recorded in the company’s Interested Parties Register.

Wherever Vigilant handles data received from, or processes data on behalf of, a third party details of that party are entered into the company’s Interested Parties Register.

Where relevant, Interested Parties will be notified of any material changes to the company’s Statement of Applicability and/or associated control measures, or any issues relating to the ISMS. Such notification will ordinarily be communicated by email, to any designated contact(s) notified to the company from time to time, from a Vigilant Director but may, in the first instance, be provided by telephone (in which case email confirmation will subsequently also be provided).