SRM Accounting Solutions has an ethical obligation and a legal mandate to protect sensitive and personal information. Protecting this information from unauthorized viewing and copying is as critical to the operations, as is ensuring the confidentiality, integrity and availability of information resources and services. ISMS directs the philosophy and strategy for application of information security within the company to minimize the likelihood and potential impact from such threats.
Information Security Management Policy
Information Security Management Policy
Introduction
SRM Accounting is one of the India’s foremost providers of BookKeeping, Payroll Processing, Accounting and Taxation Services. SRM Accounting is the core of it service delivery capabilities and caters to customers across the globe. SRM Accounting has an ethical obligation, legal and official obligation to protect the substantial amount of sensitive personal and customer information it handle. Protection of this information from unauthorized access and use is a critical aspect of the operation of the organization, as are ensuring the confidentiality, integrity and availability of information resources and services. This information security management policy outlines the SRM Accounting approach to information security management. It provides the framework for describing the guiding principles and responsibilities necessary to safeguard company’s information systems.
Objective
The primary objectives of Information Security Policy are to:
- Proactively identify and mitigate security risks to the information assets on a continuous basis with respect to its identified context.
- Design,implement & monitor controls to safeguard Information assets taking into account, the legal, statutory, contractual and regulatory requirements.
- To ensure compliance to security requirements of SRM Accounting customer.
- To ensure continual improvement of the ISMS by effective feedback mechanism from interested parties (Management, users, customers, third party supplier,Industry benchmark).
ISMS Process
ISMS processes and controls shall be integrated with the organization’s processes and it shall be ensured through defined roles and responsibilities. User (employees and third party suppliers having access to SRM Accounting’s systems and information) shall be responsible to update themselves through awareness and internal training program on ISMS policies & procedures and ensure compliance to the same in their respective areas of responsibilities.
Metrics
The effectiveness and efficiency of the ISMS shall be reviewed on continuous basis to ensure set objectives are met. SRM Accounting shall develop its monitoring and measurement process enlisting.
- Key performance indicators (what needs to be monitored and measured)
- Frequency for measurement of each agreed indicator
- Roles and responsibilities
- Analysis of the measurement
- Reporting to relevant stakeholders The ISMS shall strive to improve its Information Security framework (Policies, Procedures & standards) by effective feedback mechanism from below sources but not limited to:
- Self-Assessment by risk owners
- Risk management
- Feedback from customers and third party suppliers
- Security Incident Management
- Internal Audit
- External Certification and surveillance Audit
- Client initiated audits
- Peer Industry benchmarking
Employees
Employees shall follow the ISMS policy instructions through procedures, standards and guidelines. All employees shall report security breach incidents, software malfunctions and security weaknesses as per the directive available in the ISMS policy and Security incident management procedure document. Employees are responsible to update themselves through awareness and internal training program about various ISMS initiatives, take active participation and help ISMS team to comply with ISMS controls successfully. Employees shall not tamper with security controls implemented by SRM Accounting. ISMS Policy Manual and Acceptable IT Usage Policy are applicable to all employees, third party personnel and subcontractor, who needs access to SRM Accounting assets (facilities, information, systems etc.). This document with approval from management reflects the INTENT, COMMITMENT & SUPPORT at the executive management level of Organization’s Management forum for successful implementation of Information Security Management System in the Organization.
Mobile & Tele-working Policy
- The users shall ensure safety of the company assets (laptop, smartphone, and authentication token) allocated to them at all times.
- Connecting to Organization’s network from remote location shall only be allowed through pre-defined authentication and authorization mechanism.
- User should not attempt to dial-in or connect to Internet using data card when they are connected to SRM Accounting’s network.
- Users shall ensure that while accepting visitor within the company premise, they should help the visitor declare any electronic media such as laptop, CD, hard drive,USB or flash drive. Laptops shall not be left on the desk or in the work area overnight. Users shall not leave laptop unattended in cars or in public area like airport and hotel lounge. Laptop shall not be checked-in as baggage.
- Depending upon work responsibilities, the user may be provided internet connection and accessibility of office mail through data card modem or /and GPRS (General Packet Radio Service) or/and Smartphone using Mobile device management solution.The controlled use of the service or facility shall be sole responsibility of the user and any liability arising due to inappropriate use will be of the user only.
- Only standard provision-able devices are allowed.The company provided Internet connectivity medium shall be used only for legitimate business purpose.
Social Networking and Social Media Sites Policy
Social networking sites are online virtual community on the internet sharing common interest or common attributes (like organization, friends, technology domains etc.). Some of the popular social networking sites are Facebook, Twitter, Yammer, LinkedIn, Flickr, YouTube, etc. These sites are gaining popularity and been used as efficient tools for knowledge sharing or opinion sharing on a subject or interest. However, improper use of these will lead to information security breach resulting into reputational or information loss. Some of the websites are blocked on SRM Accounting’s Internet Gateways & access is granted to users only with appropriate business justification and approval from relevant authorities.