|
Information Security Management System (ISMS)
SIP is certified for Information Security Management
System (ISMS) under ISO 27001 since March 2007.
SIP initiated ISMS implementation to ensure security of
data, both physical and soft copies, in terms of
availability, integrity and confidentiality. Information
security provides comfort to the project clients, who
share their valuable data with SIP during the project
execution.
As part of the ISMS, SIP implements and continuously
monitors systems covering the following areas –
-
Classification and labeling of information assets,
both physical and soft copies
-
Risk evaluation and mitigation plan for each
information asset
-
Continuous training of employees / third party
agencies on do’s and don’ts
-
Enhance physical security within the office premises
-
Business continuity plan to address any possible
disasters
-
Robust ICT
infrastructure by ensuring
-
User access management
-
Adequate back-up policy
-
Firewall and patch management
-
Analysis of logs to detect security incidents
-
Vulnerability detection
-
Capacity planning to ensure adequate resources
|
The ISMS systems and procedures are fine-tuned through
regular internal audits and reviews by the ISMS steering committee. The
successful implementation of ISMS has become possible largely due to the
training of all the employees and their pro-active participation to the
initiative.
|
