ISO/IEC 27001 alignment & information security governance
Last updated: 1 May 2026
Note: This document describes PayBitt’s management intent and alignment with international practice. Unless we publish a formal certification statement for a specific scope, it is not a certificate of compliance or a guarantee of ISO/IEC 27001 certification. Operational detail appears in our Information Security Policy.
1. Purpose
PayBitt Technologies Limited (“PayBitt”) adopts the principles of ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements) and ISO/IEC 27002:2022 (Controls) as the baseline for designing, implementing, and improving our Information Security Management System (ISMS).
2. Scope
The ISMS applies to people, processes, and technology involved in developing and operating PayBitt’s payment technology platform, APIs, administrative consoles, merchant tooling, supporting infrastructure, and related third-party services where they process PayBitt or customer information. The scope explicitly includes confidentiality, integrity, and availability of payment-adjacent systems and personal data handled on behalf of users and partners.
3. Policy statement
PayBitt leadership is committed to:
- Protecting information assets against unauthorised access, disclosure, alteration, and destruction.
- Meeting applicable legal, regulatory, and contractual security obligations in the markets we serve.
- Maintaining risk-based controls proportionate to asset criticality and the threat landscape.
- Continual improvement through monitoring, audits, incident response learning, and training.
4. Risk management
We identify information security risks in line with ISO 27001 Annex A themes (organisational, people, physical, technological controls), assess impact and likelihood, and treat risks through technical measures, contracts, procedures, or acceptance where justified and approved.
5. Roles
An Information Security function (or designated officer) coordinates the ISMS, advises product and engineering teams, manages vendor security reviews, and reports material risks to leadership. All staff and contractors with access to production or customer data complete security awareness training and follow acceptable-use rules.
6. Third parties
Cloud, connectivity, banking, and payment partners are assessed for security posture, contractual data-protection clauses, and incident-notification commitments before handling production workloads or regulated data flows.
7. Monitoring and review
We perform periodic control testing (including vulnerability management, access reviews, and log monitoring), internal reviews, and corrective actions for gaps. Certification against ISO/IEC 27001 may be pursued where it strengthens customer assurance; any formal certification scope and validity will be published separately.
8. Related documents
Information Security Policy · Business Continuity Management Policy · Privacy Policy
9. Contact
Security enquiries: security@paybitt.com · Legal: legal@paybitt.com