Our Information Security Statement
Nathan Digital is committed to securing the Confidentiality, Integrity, and Availability of all information related to the business and its operations. As part of our commitment to ethical AI, data privacy, and information security, Nathan Digital has adopted an Information Security Management System (ISMS) aligned with the ISO/IEC 27001:2022 standard and ISO/IEC 42001:2022 for AI Governance. In addition, we are in the process of obtaining certification for SOC 2 Type II to further demonstrate our commitment to the highest standards of security, privacy, and compliance.
1. Key Commitments Under ISO 27001 & ISO 42001
2. Legal and Regulatory Compliance
We comply with international standards and data protection laws, including:
- EU/UK GDPR & UK DPA 2018
- UAE PDPL (Federal Decree-Law No. 45 of 2021)
- Kenya Data Protection Act, 2019 (KDPA)
- South Africa POPIA
- Singapore PDPA
- Canada PIPEDA
In addition to these regulations, we ensure that all AI systems are developed, deployed, and operated in line with ISO 42001 (AI Governance), which includes:
- Ethical AI Principles: Fairness, transparency, and accountability.
- Compliance with AI-Specific Legal Requirements: Meeting the legal requirements for AI models that process personal or sensitive data.
- Privacy Protections: Ensuring privacy when AI models process personal data.
3. AI Risk Management and Ethical AI Framework
We have established and implemented a comprehensive AI Risk Management Framework to identify, assess, and mitigate risks associated with AI models, including:
- Bias and Fairness Risks: Addressing potential biases in AI models and ensuring fairness in decision-making.
- Transparency and Explainability: Ensuring that AI models and their outcomes are explainable and understandable.
- Security and Privacy Risks: Protecting personal and sensitive data processed by AI systems.
This framework ensures that AI systems operate securely and ethically, meeting the requirements of both ISO 27001 and ISO 42001.
4. Incident Management and AI Monitoring
We have established a comprehensive Incident Management Process as part of our Information Security Management System (ISMS) and AI Governance Framework. This process ensures that all information security incidents, including those involving AI systems, are reported, investigated, and remediated promptly. We continuously monitor our AI models for issues like performance degradation, security vulnerabilities, and bias, ensuring that they remain secure, ethical, and aligned with our standards. All AI-related incidents are handled in accordance with our ISMS protocols, ensuring compliance with ISO/IEC 27001 and ISO 42001, and safeguarding the integrity and security of both our AI systems and the data they process.
5. Resource Allocation for ISMS and AI Governance
Nathan Digital ensures that appropriate resources are allocated to:
- Implement, maintain, and continually improve our ISMS and AI governance frameworks.
- Conduct regular AI risk assessments, including AI-DPIAs (AI Data Protection Impact Assessments).
- Allocate personnel with the required expertise to manage both information security and AI ethics.
6. External Partnerships and AI Collaboration
We establish and enhance partnerships with external providers and relevant interested parties to:
- Provide improved AI-driven products and services.
- Ensure the ethical and secure use of AI systems in collaboration with external partners.
- Perform third-party assessments of AI-related risks, including vendor AI governance audits.
7. Information Security and AI Objectives
We establish, measure, monitor, and update our information security objectives in alignment with our Information Security Policy Manual, ensuring full compliance with ISO/IEC 27001 standards. These objectives include the continuous improvement of AI security controls and AI ethics frameworks, as well as ensuring the achievement of data privacy and security compliance for AI systems, specifically maintaining GDPR compliance for AI-driven data processing. Our objectives are designed to maintain the confidentiality, integrity, and availability of information and align with our ISMS to continually enhance our information security posture and ethical AI governance.
8. Continuous Improvement of Information Security & AI Governance
Management at Nathan Digital acknowledges the need for continual improvement. We have implemented various processes to ensure effective and continual improvement of our ISMS and AI governance practices, including:
- Regular reviews and updates of AI ethical practices and information security controls.
- Regular management reviews of both the ISMS and AI Governance to align with emerging risks, regulatory changes, and technological advancements.
- Performance tracking of AI systems, data privacy, and security measures to ensure continual alignment with business objectives.
9. Compliance with ISO 27001, ISO 42001 & SOC 2 Type II
We are aligned with the core principles of ISO 27001 (Information Security Management), ISO 42001 (AI Governance), and SOC 2 Type II (Trust Services Criteria). We ensure that:
- Confidentiality: Protecting sensitive information from unauthorized access.
- Integrity: Ensuring the accuracy and reliability of data and AI systems.
- Availability: Guaranteeing that systems and data are accessible when needed by authorized users.
- Privacy: Ensuring that personal data is processed securely and with respect to privacy rights.
