June 19 2019

Information Security Management System (ISMS)

"ECIL is committed to establish, implement, maintain and continually improve Information Security Management System (ISMS) within the context of its business objectives and in line with its vision, mission & values. Information Security is the responsibility of all personnel and adherence to ISMS shall involve every aspect of ECIL’s business activities.

Objectives and Scope of Information Security Policy

The overall objective of the Information Security Policy is to ensure confidentiality, integrity and availability of all information services extended to employees & customers within the context of ECIL.

The scope of the policy covers all information assets of ECIL in electronic form, which include computers, operating systems, software, storage media, information in electronic form as well as network related systems and services.

In this regard, a corporate Information Security Policy (ISMS-00) had been prepared with reference to the ISO 27001:2013 standard and was approved by Director (Technical). The Information Security Policy (ISMS-00) is the top-level Policy Document for all divisions & branch offices of ECIL.

Main elements of Information Security Policy:

  • To provide management direction and support for information security.
  • To establish a framework to manage information security within ECIL.
  • To ensure that employees and contractors meet their information security responsibilities.
  • To protect assets associated with information and information processing facilities.
  • To protect information by preventing unauthorized disclosure, modification, removal, or destruction of storage media.
  • To prevent unauthorized physical access & control digital access to information and information processing facilities.
  • To ensure that only authorized users gain access to systems, applications and services.
  • To make users accountable for safeguarding their own secret authentication information.
  • To prevent the loss, theft, damage, or compromise of equipment and the operational interruptions that can occur.
  • To protect information and information processing facilities against malware and prevent the loss of data and confidential information.
  • To record information security events and collect suitable evidence.
  • To protect the integrity of ECIL’s operational systems and prevent the exploitation of technical vulnerabilities.
  • To protect information in networks and to safeguard the information processing facilities that support them.
  • To protect information while it’s being transferred both within ECIL and between ECIL and external entities.
  • To ensure that security is an integral part of information systems and is maintained throughout the entire development & production lifecycle.
  • To ensure that information security incidents are managed effectively and consistently.
  • To make information security continuity an integral part of business continuity management.
  • To ensure that information processing facilities will be available during a disaster or crisis.
  • To comply with legal, statutory, regulatory, and contractual information security obligations and requirements.

ISMS Implementation

The Information Security Management System (ISMS) is intended to establish a framework based on the ISO 27001:2013 standard to manage information security within ECIL and to define what is expected from ECIL as an organization with respect to the security of information systems. The ISMS shall be put in place to control or guide human behavior in an attempt to reduce the risk to information assets from accidental or deliberate action.

In this regard, a well-documented strategy is being implemented as per the defined Information Security Policy to protect the information assets of ECIL from damaging actions by individuals, either knowingly or unknowingly, with minimum required restrictions on the acceptable usage of the assets. The detailed organizational set of information security policies & controls that have been implemented to support the ISMS objectives shall be published in the ISMS Manual (ISMS-01) and communicated to all employees of ECIL.

The Chief Information Security Officer (CISO) is responsible for the creation, maintenance & update of ISMS documents. The Director (Technical) of ECIL shall approve ISMS documents prior to their release. ISMS documents shall be reviewed & evaluated on an event-driven basis for their effectiveness, compliance with business process & technology changes, and possible improvements.