Information Security Policy

At Miracle Devs, information security is a foundational principle that supports our mission and operations. Our clients, collaborators, and partners trust us to safeguard their data, systems, and intellectual property — a responsibility we embrace with the utmost seriousness and commitment.

To preserve the confidentiality, integrity, and availability of the information we manage, Miracle Devs has implemented an Information Security Management System (ISMS) aligned with the ISO/IEC 27001:2022 standard. This ISMS includes a set of policies, procedures, controls, and continuous improvement mechanisms designed to mitigate risks and strengthen our organizational resilience.

Scope and Application

This policy applies to all personnel, contractors, service providers, and third parties with access to Miracle Devs' information assets, whether physical, digital, or logical.

All individuals are expected to understand and comply with the guidelines outlined in this document and the supporting policies that constitute the ISMS.

1. Inventory and Classification of Assets

All information assets — including devices, systems, software, source code, documentation, and databases — must be identified, inventoried, and classified according to their criticality and sensitivity. This ensures appropriate protection levels are applied based on business impact.

2. Access Control, Passwords and MFA

Access to information assets is governed by our Access Control Policy. Key principles include:

  • The use of strong passwords, aligned with secure password management practices.
  • The mandatory use of multi-factor authentication (MFA) for all systems where it is available.
  • The application of the principle of least privilege and periodic review of access rights.

3. Protection Against Malware and Phishing

Company-managed devices include updated antivirus and endpoint protection tools. All personnel must:

  • Stay alert to phishing and social engineering threats.
  • Avoid opening suspicious links or attachments.
  • Report any suspected malicious activity to the Information Security team immediately.

4. Secure Development Practices

All development activities must adhere to our Secure Software Development Policy, which incorporates:

  • Secure coding standards and peer review practices.
  • Use of code analysis and vulnerability scanning tools.
  • Evaluation of third-party components for security risks.

5. Awareness and Training

Miracle Devs maintains a continuous training program to strengthen awareness of information security across the organization. Topics include:

  • Cyber hygiene and threat prevention.
  • Secure development lifecycle practices.
  • Compliance with internal policies and procedures.

6. Risk Management and Incident Response

Information security risks are continuously evaluated and managed through our risk assessment methodology. In case of a security incident, all employees and contractors must:

  • Immediately notify the Information Security department.
  • Refrain from taking unauthorized remediation actions.
  • Cooperate with the incident response process to ensure swift resolution and learning.

7. Roles and Responsibilities

The Information Security Department is the governing authority responsible for overseeing the ISMS, investigating incidents, and maintaining compliance. However, security is a shared responsibility. Every individual with access to our digital assets must act with diligence, adhere to policies, and report any anomalies or concerns.

Final Statement

This Information Security Policy serves as a guiding framework. It is complemented by detailed operational policies, procedures, and technical controls applicable to each area.

By adopting secure practices, engaging proactively with our ISMS, and acting responsibly, we contribute to building a secure, resilient, and trustworthy company.

For questions, clarifications, or incident reports, please contact the Information Security team at: security@miracledevs.com