Information Security Policy
We, at Chisquare (CS) Labs Pvt Ltd recognize the importance of information security and will establish and maintain an effective ISMS to manage information security risks. We also understand that the Information Security is the responsibility of everyone in the organization.
This policy outlines the Information Security Management System (ISMS), based on ISO 27001:2022 standard, that will be implemented by CS to ensure the confidentiality, integrity, and availability of our information assets. This policy applies to all employees, contractors, third-party vendors, and any other personnel who have access to CS information assets.
The information security objectives shall be established at relevant functions and levels based on the detailed objectives and their implementation as updated in the ISMS manual (uploaded in the internal HR tool for everyone’s reference). The respective Team Leads or Cluster Heads are responsible for achieving the Information Security Objectives within their verticals. The objectives relevant for customers and vendors shall be established in the respective contractual agreements and the responsibilities of such third parties shall be clearly defined in such contracts.
We shall achieve the effective implementation of ISMS by ensuring that:
- Information assets and IT assets are protected against unauthorized access.
- Information is not disclosed to unauthorized persons through deliberate or careless action.
- Information is protected from unauthorized modification.
- Information is available to authorized users when needed.
- Applicable regulatory and legislative requirements are met.
- Disaster recovery plans for IT assets are developed, maintained, and tested as far as practicable.
- Information Security and other Topic Specific Policies and Procedures shall be drafted, communicated and readily available to all personnel accessing CS information. All Information security policies will be reviewed periodically.
- Periodic review of the established risk management process.
- Continual improvement of the effectiveness of established ISMS.
- Information security training is imparted to all IT users.
- All breaches of information security are reported and investigated based on Incident Response Plan.
- Violation of policies or contracts are dealt with a disciplinary action.
The Information Security Team shall have the responsibility to create, review and implement Information Security Management System (ISMS). All stakeholders and members of Chisquare Labs Pvt Ltd are directly responsible for ensuring compliance with the policies.