KX Information Security Policy

The scope of this Information Security Management System (ISMS) framework is restricted to all KX infrastructure, security operations and offerings.

The KX Security and Compliance Teams are committed to protecting critical information assets by implementing and continually improving an Information Security Management System (ISMS) to help ensure that its applicable information security objectives are met and that the ISMS is able to adapt to internal and external changes.

The ISMS is designed to protect the information assets of KX and its customers from identified security threats, whether internal or external, deliberate or accidental. By means of this ISMS we will strive to:

  • Deliver against all customer and stakeholder security requirements while meeting and possibly exceeding all expectations with respect to Information Security
  • Enhance our brand value and recognition in the market

The objectives of Information Security are:

  • Maintain the confidentiality of the information such that only authorized persons have access
  • Control all access to information, ensuring that only authorized persons have such access, and thereby protect information confidentiality
  • Protect the integrity of all information
  • Arrange for the availability of information assets and systems whenever required

KX shall align with ISO/IEC 27001:2022 as a base security standard and, as required by our customers, extend to other security standards such as ISO 27017, ISO 27018 and SOC 2 Type II. The organization shall establish information security governance, risk and compliance (GRC) to effectively and efficiently manage the ISMS. The organization shall:

  • Manage all information assets to understand their vulnerabilities and the threats (current and future) that may exploit these vulnerabilities resulting in risk to the organization
  • Manage risks to an acceptable level through the design, implementation and maintenance of risk treatment plans
  • Provide security awareness programs and train the resources to achieve the appropriate skills and competencies required to maintain an effective Information Security Management System (ISMS)
  • Comply with local laws and regulations and contractual obligations as relevant to Information Security

The KX Information Security and GRC Teams hold direct responsibility for maintaining this Information Security Policy, providing guidance on its implementation, and encouraging the personal commitment of all staff to conform to the policy requirements.

All personnel under the scope of the ISMS must adhere to this Information Security Policy. Failure to do so can result in disciplinary actions including termination of employment or contract and prosecution in accordance with the applicable federal, state and local laws.

The scope of this policy and our ISMS is all of KX.

This Information Security Policy is supported by security commitments defined in our Technical and Operational Measures (TOMS).

Approved by: SVP of Compliance
Date: June 12, 2024