
Information Security Policy

1. Purpose

The purpose of this policy is to ensure compliance with the ISO/IEC 27001:2022 requirements and to affirm the commitment of ELASTACLOUD to all applicable compliance requirements.

2. Scope

Applicable to all those who are part of ELASTACLOUD.

3. Privacy

Public.

4. Communication

To be communicated to all interested parties through appropriate means.

5. Policy Statement

We at Elastacloud are committed to putting in place and proactively managing our Information Security Management System (ISMS) to protect the Confidentiality, Integrity and Availability of business information and information processing facilities, and to provide a secure work environment to our employees and interested parties. We strive to continually improve our information security management system by periodically reviewing and updating our ISMS policies, and by framing our information security objectives and their associated controls in compliance with the applicable standards, changes in context, and customer, statutory and regulatory requirements.

We achieve the above policy by adopting the following:

We have established an Information Security Steering Committee and Information Security Task Force to effectively manage and to provide support in achieving our information security objectives. We strive to develop and implement effective information security controls which suit the context of our organization from time to time by:

  • Assessing our information assets for the risks associated and managing the identified risk proactively.
  • Setting, reviewing, updating and analyzing the information security objectives periodically.
  • Monitoring and measuring the performance of our ISMS.
  • Ensuring an appropriate level of awareness regarding our information security policy, topic-specific policies, procedures and controls among our employees and the interested parties who are provided with access to our information systems.
  • Managing all information security incidents by adopting appropriate incident management programs.
  • Classifying all business and client information in compliance with the applicable requirements from time to time.
  • Controlling changes to information systems.
  • Providing information security awareness and education to employees and interested parties.
  • Continually adopting industry best practices and advancements in technology.
  • Complying with applicable legal, regulatory, contractual and other requirements.
  • Providing adequate resources required to manage and support effective implementation of this policy.
  • Preventing interruption to business processes by implementing a Business Continuity Program.
  • Periodically reviewing this policy for its continued suitability and applicability.

All interested parties are required to acknowledge their responsibility towards the set policy and to provide their feedback and contribution towards the achievement and improvement of our information security objectives.

6. References

  • ISO/IEC 27001:2022 Clause 5.2
  • The Information Technology Act, 2000
  • The Digital Personal Data Protection Act, 2023
  • Any law of the land applicable as per the client contract