The purpose of this information security policy is to prescribe a mechanism that will assist in identifying, preventing, detecting, and correcting the compromise and misuse of information and the Information Technology infrastructure.
Information Security Management Policy
- Compliance with all applicable laws, regulations and contractual obligations feasible to the organization.
- The fulfilment of the needs and expectations of interested parties such as customers, external providers, and statutory and regulatory bodies.
- The strength of internal controls to prevent unauthorized and improper access to data.
- The appropriate protection of information assets and the confidentiality, integrity and availability of information at all times in workplaces and processes.
- Information is not revealed to unauthorized third parties during transmission or because of unintentional actions.
- All information security incidents or suspected security flaws have appropriate reporting mechanisms so that superiors are notified and the incidents are appropriately investigated and handled.
- Secure delivery and reliable services for users and other interested parties who need confidence and assurance that the platform is fit for their purpose of sharing and working with sensitive information.
- Efficient communication and management resources to meet information security and Information Technology enabled service requirements.
- The implementation of Information Security Management System objectives that consider information security and IT enabled services requirements, following the results of applicable risk assessments and their associated mitigations.
- Awareness of the needs and responsibilities of Information Security Management requirements among our employees.
- The adoption of an efficient Information Security and Service Management System comprising a manual and procedures which provide direction and guidance on Information Security Management matters relating to employees, customers, external providers and other interested parties who come into contact with the organization and its associated activities.
- Defining the Information security principles to be adopted and followed within the company.
- Driving and initiating information security awareness programs for all employees in the organization.
- Defining the roles and responsibilities of ICT users, system administrators, and other stakeholders.
- Providing a framework for implementing information security management within the defined scope.
- Raising awareness of security risks relating to information and ICT infrastructure used by everyone.
- Establishing a risk assessment methodology to identify and control the security of information.
- Reviewing information security audits and technical assessment reports.
- Providing secure solutions to the customer, ensuring that their business understanding and their contractual and regulatory information are secured by the top-level management.
- Managing and reviewing business continuity procedures for all critical systems and processes of the IT Department.
- The adoption of a forward-thinking approach to future business decisions, including the continual review of risks and their evaluation criteria, which may impact the Information Security Management System.
- Consistency in meeting customers' expectations and continually improving Information Security Management System performance.