Management System Policy

Company Name: MDOTM
Effective Date: 03/12/2024


Date: 05/12/2025
Description: N/D
Author: Anna Impedovo
Approved by: Federico Invernizzi

Field of Application

This policy outlines the commitment and framework for MDOTM's Information Security Management System (ISMS). It applies to all information assets, technology, processes, and personnel within the organization. The purpose of this document is to establish the strategic direction for information security, ensuring the protection of company and client data in the provision of AI-driven investment solutions and to comply with the requirements of ISO/IEC 27001.

Regulatory References

●     ISO/IEC 27001:2022

Terms and Definitions

●      Availability: The property of being accessible and usable on demand by an authorized entity.

●      Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

●      Information Security Management System (ISMS): A set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.

●      Information security risk assessment: The process of identifying, analyzing, and evaluating information security risks to the organization.

●      Integrity: The property of safeguarding the accuracy and completeness of assets.

Roles and Responsibilities

●      Top Management: Establishes and supports the information security policy, ensures alignment with strategic business objectives, and promotes a culture of continual improvement for the ISMS.

●      Chief Executive Officer: Ensures the company's strategic direction for information security is aligned with its business goals and provides overall leadership for the ISMS.

●      Chief Technology Officer: Oversees the implementation of risk management processes and ensures that technological strategies align with the information security policy.

●      HR Manager: Manages the communication of this policy and related information security responsibilities to all company personnel.

Management System Commitment and Objectives

MDOTM provides AI-driven investment solutions for institutional investors, developing advanced platforms to support decision-making and optimize financial strategies. Recognizing the critical importance of information security in the Fintech sector, Top Management is committed to establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) compliant with the requirements of ISO/IEC 27001.

This policy is established by Top Management to be appropriate for the company's purpose and strategic direction, as detailed in the "Context analysis" document. It serves as the foundational directive for all information security activities within the organization.

Principles and Commitments

The Chief Executive Officer shall ensure that the company's strategic direction for information security aligns with its business goals. To support this, MDOTM commits to the following principles:

●      Compliance with Requirements: MDOTM shall identify and satisfy all applicable legal, statutory, regulatory, and contractual requirements related to information security.

●      Confidentiality, Integrity, and Availability: MDOTM shall protect its information assets and those of its clients and partners from all threats, whether internal or external, deliberate or accidental. This commitment extends to ensuring the confidentiality, integrity, and availability of all information processed by its systems, including the "Sphere" platform.

●      Risk-Based Approach: Information security decisions shall be based on a structured process of risk assessment and treatment. The "Chief Technology Officer" shall oversee the implementation of risk mitigation strategies in alignment with the "PRO Risk management procedure".

●      Continual Improvement: Top Management shall promote a culture of continual improvement for the ISMS. The effectiveness of the system shall be periodically evaluated through the "PRO Management Review Process" to ensure its ongoing suitability and adequacy.

●      Shared Responsibility: Every employee and contractor has a role in protecting information. All personnel are required to adhere to the principles of this policy and the broader ISMS, as outlined in the "Code of conduct".

Information Security Objectives

Top Management shall establish and maintain information security objectives at relevant functions and levels within the organization. This policy provides the strategic framework for setting these objectives.

●      The process for defining, planning, monitoring, and reviewing objectives is detailed in the "PRO Objectives and planning for their achievement" procedure.

●      Objectives shall be consistent with this policy, measurable, and aligned with the goal of continually improving the ISMS.

●      Progress toward achieving objectives shall be monitored and reported as part of the management review.

Communication and Availability

This policy shall be managed as official documented information in accordance with the "PRO Documented information management procedure".

●      The "HR Manager" shall ensure this policy is communicated to all new and existing personnel.

●      This policy shall be made available to all employees and contractors through the company's internal wiki.

●      To ensure transparency with stakeholders, this policy shall be made available to relevant interested parties, as deemed appropriate by Top Management, on the official MDOTM website.

Archiving and Updates

This document is managed as part of the company's official documented information. It is reviewed at least annually, or upon significant changes to the organization's context or risk landscape, to ensure its ongoing suitability, adequacy, and effectiveness. Updates are approved by Top Management and communicated to all relevant parties.

Reference Documents

●     Context analysis

●     PRO Risk management procedure

●     PRO Management Review Process

●     Code of conduct

●      PRO Objectives and planning for their achievement

●     PRO Documented information management procedure