"ECIL is committed to establish, implement, maintain and continually improve Information Security Management System (ISMS) within the context of its business objectives and in line with its vision, mission & values. Information Security is the responsibility of all personnel and adherence to ISMS shall involve every aspect of ECIL’s business activities.
The overall objective of the Information Security Policy is to ensure confidentiality, integrity and availability of all information services extended to employees & customers within the context of ECIL.
The scope of the policy covers all information assets of ECIL in electronic form, which include computers, operating systems, software, storage media, information in electronic form as well as network-related systems and services.
In this regard, a corporate Information Security Policy (ISMS-00) had been prepared with reference to the ISO 27001:2013 standard and was approved by the Director (Technical). The Information Security Policy (ISMS-00) is the top-level Policy Document for all divisions & branch offices of ECIL.
The Information Security Management System (ISMS) is intended to establish a framework based on the ISO 27001:2013 Standard to manage information security within ECIL and define what is expected from ECIL as an organization with respect to security of information systems. ISMS shall be put in place to control or guide human behavior in an attempt to reduce the risk to information assets by accidental or deliberate action.
In this regard, a well-documented strategy is being implemented as per the defined Information Security Policy to protect the information assets of ECIL from damaging actions by individuals, either knowingly or unknowingly, with minimum required restrictions on the acceptable usage of the assets. The detailed organizational set of information security policies & controls that have been implemented to support the ISMS objectives shall be published in the ISMS Manual (ISMS-01) and communicated to all employees of ECIL.
The Chief Information Security Officer (CISO) is responsible for the creation, maintenance & update of ISMS documents. The Director (Technical) of ECIL shall approve ISMS documents prior to their release. The review & evaluation of ISMS documents shall be on an event-driven basis for reviewing their effectiveness, compliance with business process & technology changes and possible improvements.