SINIORA has adopted an information security policy to protect its sensitive information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. The policy outlines roles and responsibilities for various stakeholders, including the Information Security Steering Committee, and defines procedures for reporting non-compliance issues and technical compliance checking. It also emphasizes the importance of protecting information assets and requires all personnel to adhere to the policy when handling sensitive information. Additionally, the policy addresses the protection of information systems audit tools and requires the IT Department to seek legal advice on compliance with relevant laws and regulations before implementing cryptographic controls or moving encrypted information to another country. Finally, the policy calls for an annual IT and information security audit plan to be developed and approved by management.