1. Scope
This document is relevant to the management of Information Dynamics to know about the information aspects
2. Purpose
The intent of this document is to provide guidelines to the management of Information Dynamics on security of information.
3. Management Commitment to Information Security
• Management should set a clear policy line objectives and demonstrate support for, and to, information security.
• Steering committee should approve the information security policy, assign security roles and co-ordinate and review the implementation of security across the organization.
• Contacts with external security specialists or groups, like Nasscom should be developed to up with industrial trends, monitor standards and assessment methods and provide suitable liaison points when information security incidents
• Information security goals should be identified and integrated in relevant processes
• The effectiveness implementation of the security policy should be reviewed as part of Management Review Meetings
• Management should provide clear direction and visible management support for security initiatives
• The resources needed for information security should be provided
• specific and responsibilities for information security across the organization should be approved and assigned.
• ISM in-coordination with Human Resources department should ensure that the awareness plans & programs are initiated for all employee and contract employees to maintain information security awareness & awareness for reporting incidents and weaknesses
• The implementation of information security controls should be coordinated across the organization.
• ISM should ensure that periodic technical compliance is carried out.
• Contact local bodies and special interest should be maintained.
4. Management Responsibilities Employees
ensure that employees, contractors, and party users:
• Are properly briefed their information security roles and responsibilities prior to being granted access sensitive information or information systems;
