Izifin Integrated Management System (IMS) Policy
1. Policy Statement and Commitment
Izifin Technologies Limited ("Izifin") is committed to upholding secure and trustworthy artificial intelligence solutions for business operations. We maintain the highest level of trust with our users by ensuring the security, confidentiality and continuous availability of our critical services.
This Integrated Management System (IMS) Policy provides the framework for establishing, implementing, maintaining, and continually improving an effective Information Security Management System (ISMS), Business Continuity Management System (BCMS), and Artificial Intelligence Management System (AIMS).
Management is committed to providing the necessary resources, training, and leadership to support this policy and the culture of resilience it promotes.
2. Scope of the IMS
The IMS applies to all personnel, systems, technology, physical facilities and information assets involved in the design, development, delivery, maintenance and support of Izifin's core services:
- Izi Merchant – Comprehensive business management suite.
- IziBNPL – Flexible installment payment solution.
- IziMarketing – Data-driven marketing engine.
- IziSentinel – Fraud monitoring and detection solution.
- Izi KYC – Automated identity verification platform.
- Mimic – AI assistant for business operations.
- IziDecision – Automated underwriting and risk assessment engine.
3. Standards and Framework
a. Information Security Principles (ISO 27001)
- Confidentiality: Access only for authorized individuals.
- Integrity: Protecting accuracy and completeness of information.
- Availability: Ensuring reliable access to systems and information.
Information Security Objectives
- Maintain confidentiality, integrity and availability.
- Ensure NDPR compliance.
- Minimize security breaches.
- Conduct annual security assessments.
b. Business Continuity Principles (ISO 22301)
- Minimizing downtime.
- Preparedness through continuity planning.
- Resilience via redundancy and backups.
Business Continuity Objectives
- Improve RTOs and RPOs.
- Ensure uninterrupted service availability.
- Conduct scenario-based testing.
c. AI Management Principles (ISO 42001)
- Reliability
- Explainability
- Safety & Security
- Fairness & Non-Discrimination
AI Management Objectives
- Establish trust in AI systems.
- Ensure regulatory alignment.
- Minimize AI risk incidents.
- Conduct continuous AI impact assessments.
- Promote AI literacy.
4. Compliance, Monitoring and Improvement
- Nigerian Data Protection Act & NDPR compliance.
- Adherence to ISO 27001 and ISO 22301 standards.
PDCA Cycle
- PLAN: Establish objectives and processes.
- DO: Implement and operate the system.
- CHECK: Monitor performance and conduct audits.
- ACT: Improve through corrective actions.
5. Roles and Responsibilities
- Top Management + DPO: Define policy and provide resources.
- IMS Tech Team: Maintain and implement IMS activities.
- All Personnel: Protect information and follow procedures.
6. Risk Management and Improvement
- Identify information security and AI risks.
- Implement proportional risk treatment.
- Learn from incidents and strengthen controls.
7. Policy Review
This policy shall be reviewed annually or sooner if significant changes occur within the organization or relevant regulatory frameworks.
APPROVAL
This policy has been approved by the Chief Executive Officer of Izifin Technologies Limited.
