Information Security and Business Continuity Policy 

​

Purpose of this Policy: 

​

The purpose of this policy is to demonstrate management commitment to information security and business continuity and to provide overarching policy statements to which all supporting policies, standards, procedures, and controls must adhere.

 

Policy Statement: 

​

The Director and management of Dolanto Pty Ltd operate primarily in the business of AI-powered infrastructure assurance and strategic consulting for asset-centric organisations. We are committed to preserving the confidentiality, integrity, and availability of information and information-related assets, whether physical or electronic, required to achieve the organisation’s objectives. This includes the protection of personal information and “Personally Identifiable Information” (PII).

​

Dolanto’s Information Security Management System (ISMS) is certified to ISO/IEC 27001:2022 and provides a structured framework to identify, assess, treat, monitor, and continually improve the management of information security risks. Business continuity requirements are managed through Dolanto’s governance, risk management, and operational resilience arrangements and are aligned to recognised good practice (including ISO 22301:2019 principles where applicable).

​

Information security and business continuity requirements will remain aligned to Dolanto’s business objectives and will consider:

​

  • internal and external issues affecting the organisation; and

  • the needs and requirements of relevant interested parties.

​

Objectives: ISMS objectives are established, maintained, and reviewed to support Dolanto’s strategic direction and to drive measurable improvement in information security performance and resilience.

​​

Risk Management and Controls: 

​

Dolanto maintains an approach to risk assessment and risk treatment that supports consistent identification and management of information security and business continuity risks. The Statement of Applicability and the Risk Treatment Plan describe the controls selected to address applicable risks.

​

ISMS governance is overseen by the ISMS Committee, chaired by the Chief Information Security Officer (CISO), with senior representation from appropriate parts of the organisation. The ISMS Committee is responsible for the oversight and maintenance of the Risk Treatment Plan, including assigning ownership of risk treatment actions to appropriate role holders. Additional risk assessments may be conducted where necessary, for example, for significant changes, new systems, suppliers, special projects, or material changes to operating context.

​

Control objectives are supported by documented policies and procedures and align to the control set in Annex A of ISO/IEC 27001:2022 and relevant business continuity requirements adopted by the organisation.

 

Roles, Responsibilities, Awareness and Compliance

​

All personnel and relevant interested parties within the scope of the ISMS must comply with this policy and supporting ISMS documentation.

Responsibilities for information security and business continuity are defined through role descriptions, contracts, and organisational procedures. The consequences of non-compliance are described in Dolanto’s Code of Conduct and supporting disciplinary processes where applicable.

​

Dolanto provides information security awareness training to relevant personnel and ensures that people in specialised roles receive appropriate role-based training. Communication forums (including ISMS communications channels and periodic governance meetings) are maintained to support awareness, engagement, and ongoing alignment with the ISMS.

​

Continual Improvement and Review

​

The ISMS is subject to monitoring, internal audit, management review, corrective action, and continual improvement in accordance with ISO/IEC 27001:2022 requirements.

​

This policy will be reviewed at least annually, and additionally when there are material changes to:

​

  • the business and operating environment,

  • applicable legal/regulatory requirements,

  • risk assessments or the Risk Treatment Plan, or

  • the systems, services, suppliers, or technologies used by Dolanto.

 

Scope

​

The scope of certification covers the development, operation, maintenance, and support of the cloud-based Smart Assurance software platform for contract, standard, and regulation assurance delivered to enterprise and government clients, in accordance with the Statement of Applicability, Version 0.5, dated 09/10/2025.

​

Definitions

​

In this policy and within Dolanto’s ISMS documentation, “information security and business continuity” are defined as preserving:

​

a) Confidentiality
Ensuring information is accessible only to those authorised to have access and preventing deliberate or accidental unauthorised access to Dolanto information, proprietary knowledge, assets, and systems.

​

b) Integrity
Safeguarding the accuracy and completeness of information and processing methods by preventing deliberate or accidental alteration, destruction, or unauthorised modification of physical assets or electronic data.

​

c) Availability
Ensuring prioritised information and associated assets are accessible to authorised users when required. The environment must be resilient, and Dolanto must be able to detect, respond to, and recover from incidents or events that threaten availability within acceptable timeframes.

​

d) Information and assets
Information may be digital, printed, written, spoken, or transmitted by any means. Assets include information processing devices and services owned by Dolanto or approved for use (including BYOD where permitted) that process Dolanto-related information.

e) Business continuity
The capability of Dolanto to continue delivering products and services within acceptable timeframes at predefined capacity during a disruption.

​

Contacting Us: If you have any questions, concerns or complaints regarding this Privacy Policy or the handling of personal information, please contact:

 

 

Complaints will be handled promptly and in accordance with applicable Australian obligations, including the Australian Privacy Principles where relevant.

​​
