top of page

Information Security Management System (ISMS) Policy

Effective Date: November 7th, 2025
Version: 1.0
Approved by: Executive Management
Next Review: November 7th, 2026

​

1. Policy Statement

TMS Services and Solutions Limited (“TMS”) is committed to ensuring the confidentiality, integrity, and availability of all information assets, whether belonging to the organization, its clients, partners, or stakeholders, through the establishment, implementation, and continuous improvement of an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 standards.

This ISMS Policy supports our core mission: delivering high-quality ATM maintenance, vendor management, and technology deployment services across Africa in a secure, reliable, and compliant manner.

​

2. Scope

This policy applies to:

  • All employees, contractors, field engineers, and third-party service providers

  • All information systems, hardware, software, mobile devices, applications (e.g., MainTrak), and data assets owned or managed by TMS

  • All business operations, including ATM servicing, software deployments, and customer support services

  • All physical sites, including headquarters, regional offices, and customer premises

​

3. Information Security Objectives

Aligned with our business goals, TMS sets the following measurable ISMS objectives:

  • Achieve and maintain ISO/IEC 27001 certification

  • Ensure 100% of corporate devices enforce secure access with MDM and 2FA

  • Maintain zero major data breaches annually

  • Ensure 100% employee participation in mandatory information security training

  • Perform quarterly audits on access logs, user activity, and incident logs

​

4. Leadership Commitment

TMS executive leadership is fully committed to the development and effectiveness of the ISMS by:

  • Providing appropriate resources and training

  • Leading by example in adherence to security practices

  • Setting clear roles and responsibilities across the organization

  • Regularly reviewing ISMS performance and risk posture

​

5. Key Principles

TMS ISMS is governed by the following principles:

  • Confidentiality: Ensuring sensitive information is only accessible to authorized individuals

  • Integrity: Safeguarding the accuracy and completeness of information and systems

  • Availability: Ensuring information and services are available when needed

​

6. Risk Management Approach

TMS adopts a risk-based approach to information security by:

  • Identifying, assessing, and treating risks to information assets through structured risk assessments

  • Applying risk treatment plans proportionate to the identified risk

  • Performing regular reviews and updates of the Risk Register and Statement of Applicability (SoA)

​

7. Access Control & Authentication

  • All systems are protected using Role-Based Access Control (RBAC)

  • Two-Factor Authentication (2FA) is enforced across Google Workspace, MainTrak, and other critical platforms

  • Only authorized personnel are granted access to sensitive systems and client environments

  • Access rights are reviewed quarterly and immediately revoked upon role change or departure

​

8. Asset Management

  • All digital and physical assets (devices, servers, applications) are catalogued, tagged, and regularly reviewed

  • Company-owned devices are managed through Google Workspace MDM and must comply with encryption, screen lock, and location tracking policies

  • Unauthorized devices are prohibited from accessing the corporate network

​

9. Information Classification

TMS classifies information into the following categories:

Classification

Description

Handling Rules

Public

No restriction on disclosure

Internal approval before publishing

Internal

For employee use only

No external sharing

Confidential

Client, financial, or personal data

Must be encrypted and access-controlled

Restricted

Critical business or OEM data

Admin-only, access logged

​

10. Supplier & OEM Security

  • TMS partners (e.g., OEMs like TMS Global, Trusted Security Solutions) are evaluated for information security compliance

  • All deployments are done on-premises with no post-deployment access or client data storage

  • TMS ensures secure handover and confirms the solution is client-managed post-deployment

​

11. Employee Responsibilities

All employees, engineers, and contractors are expected to:

  • Understand and comply with this policy and all ISMS-related procedures

  • Report security incidents or suspicious behavior immediately

  • Participate in annual security awareness training

  • Protect company devices, credentials, and information at all times

​

12. Incident Management

  • All incidents must be reported through the designated Incident Response Team (IRT)

  • Incidents are triaged by severity, logged, and investigated

  • Incident logs are reviewed monthly for patterns and root cause analysis

​

13. Monitoring & Logging

  • All systems generate logs that are monitored by authorized administrators

  • Audit trails are retained for a minimum of 12 months

  • Suspicious activity (e.g., failed logins, abnormal device activity) triggers real-time alerts

​

14. Business Continuity & Backup

  • TMS maintains a Business Continuity Plan (BCP) with data backup and service restoration procedures

  • Backups are encrypted and stored in secure offsite locations

  • The BCP is tested bi-annually

​

15. Policy Review

This policy will be:

  • Reviewed annually or upon major changes in business, technology, or regulations

  • Updated based on feedback from internal/external audits or security incidents

  • Communicated to all relevant internal and external stakeholders

​

16. Compliance & Enforcement

Violations of this policy may result in:

  • Disciplinary action, including termination for employees

  • Termination of contract for vendors or third parties

  • Legal action in accordance with applicable Nigerian and international law

​

17. Contact & Feedback

For any questions or reports related to information security, please contact:

TMS Information Security Officer
Email: support@tmsservicesolutions.com
Phone: +234-909-000-0853

​

Statement of Commitment

We, the management of TMS Services and Solutions Limited, affirm our full commitment to information security and to achieving and maintaining ISO/IEC 27001 certification as a mark of our dedication to our clients, partners, and regulators.

©2022 by Transmarket Solutions Limited.

bottom of page