Strict Adherence to Internationally Recognized Security Management Standards
The Infopulse-developed Information Security Management System (ISMS) is fully compliant with the ISO 27001:2013 standard.
This standard provides a model to establish, implement, operate, monitor, review, maintain, and improve a documented ISMS within the context of the overall business risks.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Being a part of Unified Business Management System of Infopulse, ISMS is operated by qualified security managers (CISM, CISA, CISSP, PCIP) in the technology environment based on Microsoft SharePoint and Infopulse ShareProcess.
Infopulse Information Security Policy is the core document which defines the framework of ISMS.
The following processes are implemented in the Corporate Information Security Management System:
- Access management (logical & physical)
- Information security incident management
- Risk management
- Business continuity management
- Asset management
- Documentation and data classification and management
- Communications and operations management (*)
- Human resources security management
- Information systems acquisition, development and maintenance
- External parties management
- Compliance with legal requirements
- Awareness program
(*) including operational procedures and responsibilities, third-party service delivery management, system planning and acceptance, back-up, network security management, monitoring and audit
The company executive management is responsible for ensuring that all employees understand their liability and exercise all internal regulations related to security and IPR protection. Regular trainings are provided to the company employees with the focus on these topics. Each employee regularly passes the security exam.
Business continuity is maintained to ensure continuous operations of delivered services. Business Continuity Plan and Service Recovery Procedures are implemented for quick and effective response to service disruptions. Redundancy strategy is implemented (data backup, backup power generators, fault-tolerant design for IT and network equipment, 2 internet channels, equipment cold reserve, vendor equipment support). Business Continuity Management is aligned with best practices.
Physical security is provided for HQ and all delivery locations with a 24/7 security guard. The premises are protected with a state-of-the-art access control system, CCTV VoIP, and other security systems. Procedures for visitor attendance, access card management, and event handling are in place.
Security checkpoints are integrated into the IT Service management and Project management processes.
Operational security is supported by a dedicated incident response team.