Skip to content
About NAPA / Information security policy

NAPA Information Security Policy

NAPA Group’s information security is implemented and developed in a risk-based manner, using appropriate and cost-effective solutions. The information security policy is reviewed annually by NAPA Steering Team.


NAPA’s objective in managing information security is to ensure it’s core and supporting business operations continue to operate with minimal disruptions. NAPA shall guarantee that all confidential information is managed and stored with appropriate confidentiality procedures in place.

NAPA fully recognizes that information assets constitute important management resources essential to conducting business. We also acknowledge that our people and organization must be proactive in — and committed to — maintaining a high level of security to protect our information assets against any potential threat by ensuring physical and technical security measures are firmly in place.


The purpose of this policy is to protect the information assets of NAPA and its customers and other stakeholders from threats, whether internal or external, deliberate or accidental. Protection of information is set out in terms of:

  • Confidentiality: ensures that only authorized people have access to information and they use the information in an appropriate manner
  • Integrity: ensures purity, accuracy, and completeness of the information
  • Availability: ensures that authorized people have access to information, associated assets, and systems when required
  • Regulatory compliance: includes regulations, laws, and codes of practices applicable.

Implementing information security


Everybody at NAPA, including external employees, shall have a good understanding of the information security policy and perform their duties to maintain information security accordingly. All staff has a responsibility to report any information security incidents and identified vulnerabilities.

Risk assessment

Information security risks are assessed and analyzed regularly based on their business impact. The risk assessment needs to be also considered when setting up new systems and whenever significant changes occur that affect the criticality of operations.

Information security training

We shall provide education in information security to all Naparians to ensure that the importance of information security is understood and exercised effectively.


We shall comply with laws and regulations governing information security and honor contracts and agreements with customers, partners, suppliers, and other contractual parties as a credible company committed to fulfilling its social obligations and responsibilities. We shall maintain the confidentiality, integrity, and availability of information that we own by implementing proper security measures that have been set in place. All the data received and classified as confidential or secret shall never be compromised.


We shall proclaim the above-mentioned activities and arrangements to all Naparians and shall enforce, review and improve them on an ongoing basis.

Towards excellence

Information security is systematically built into our operations. NAPA management and personnel are committed to continuously improving the information security of our services, solutions, and processes. The NAPA Group risk-based information security management system covers all the products, business areas, and corporate operations globally. It complies with all the requirements for information security management systems in the ISO 27001:2013 standard.