A company-wide approach to information security is established.

Risk assessment is carried out for all information-related assets, considering potential threats to the Confidentiality, Integrity and Availability of organizational information. The business impact of each threat will be assessed, including losses related to customers, finance, image and business continuity.

Legal requirements and other customer-specified requirements related to information security are identified on a continuous basis and are complied with.

All controls prescribed in the ISO 27001:2005 standard are evaluated for applicability, and suitable control measures are implemented.

Information-related assets, including infrastructure and utilities, are maintained to ensure their uninterrupted availability.

Security of our network is ensured by conducting independent intrusion testing at an appropriate frequency.

Information security tools and techniques are reviewed and adopted where found viable for implementation.

All employees are made aware of their information security responsibilities, including the reporting of incidents.

Appropriate actions are initiated to respond to internal and external complaints and queries about real or perceived non-compliance with this policy.