Purpose
The purpose of the Policy is:
- To protect the information assets of the
Company, our Customers and Suppliers from
all threats, whether internal or external,
deliberate or accidental.
- To identify through risk assessment, the
value of information assets, to understand
their vulnerabilities and the threats that
may expose them to risk.
- To manage the risk to an acceptable level
through the design, implementation and maintenance
of a formal Information Security Management
System.
- To comply with any customer/supplier contract
conditions relating to Information security.
Objective
The objective of information security is to
ensure business continuity and minimize business
damage by preventing and minimizing the impact
of security incidents.
Authority
The IS Security Forum has approved the Information
Security Policy.
Policy
- It is the Policy of the Company to ensure
that:
  - Confidentiality of information is assured;
  - Information is not disclosed to unauthorised
    persons through deliberate or careless
    action;
  - Integrity of information is maintained;
  - Availability of Information is assured
    to authorised users when needed;
  - Business Continuity Plans are produced,
    maintained and tested;
  - Regulatory and legislative requirements
    are met;
  - Information security training is given
    to all staff;
  - All breaches of information security,
    actual or suspected, will be reported
    to, and investigated.
- An Information Security Manual shall be
written to support this statement and shall
contain specific policies for different areas
such as physical security, logical security,
employee code of conduct, e-mail use, back
up of data and programs, use of notebook computers,
virus control, firewall, network scanning,
intrusion detection, telecommuting, laboratory
use, etc.
- Procedures shall be written to support
the policy.
- Business requirements for the availability
of information and information systems will
be met.
Responsibility
- The Information Security Forum owns and
reviews this policy.
- The Information Security Manager has direct
responsibility for maintaining the Policy
and providing advice and guidance on its implementation.
- The Security Administrators are directly
responsible for implementing the Policy within
their business areas, and for adherence by
their staff.
- Managers are responsible for ensuring compliance
with this policy within their area of responsibility.
- The HR Manager is responsible for obtaining the
annual confidentiality/secrecy statement from
all employees.
- It is the responsibility of each member
of staff to adhere to the Policy.
- It is the responsibility of each member
of staff to report security incidents and
any identified weaknesses.
Scope of the ISMS
The management of information security of the
business in the provision of Internet security
products, professional services and consultancy.
Disciplinary Action
Any deliberate act to jeopardize the security
of information that is the property of the Company,
customers, suppliers, contractors and other
organizations connected to our network will
be subject to disciplinary and/or legal action
as appropriate.
Review
This information security policy statement
will be reviewed regularly (usually every year)
and whenever changes occur that influence it, to ensure
that it remains appropriate for the business
and our ability to serve our customers.
Signed:
Mr. Harish Kunnath
Managing Director
Date: 19th September, 2001