• (IN) +91-9015930406 , (UK) +44-2070973558
  • 418, Kakrola Housing Complex, ND-78

Information Security Management Policy

Information Security Management Policy

Cologne Internationals is obligated by ethics and law to safeguard sensitive and personal information. This protection involves preventing unauthorized access and duplication of information, which is essential to the company's operations. Ensuring the confidentiality, integrity, and availability of information resources and services is also crucial. To achieve this, the company follows the Information Security Management System (ISMS), which outlines the philosophy and strategy for applying information security to minimize the risks and potential impact of security threats.

Introduction

Cologne Internationals is a leading provider of Book Keeping, Payroll Processing, Accounting and Taxation Services in India, serving customers worldwide. As a responsible organization, Cologne Internationals has an ethical and legal obligation to protect the sensitive personal and customer information it handles. Unauthorized access to and misuse of this information can have severe consequences, which is why protecting it is a critical aspect of the company's operations. The confidentiality, integrity, and availability of information resources and services are equally important. This policy outlines the Cologne Internationals approach to information security management and provides a framework for describing the guiding principles and responsibilities necessary to safeguard the company's information systems.

Objective

The primary objectives of Information Security Policy are to:

  • Continuously identifying and addressing potential security risks to the information assets in a proactive manner, taking into account the relevant context
  • Develop, deploy and oversee measures to protect information assets while considering the applicable legal, statutory, contractual and regulatory obligations.
  • Ensure adherence to the security requirements of Cologne Internationals's clients
  • Ensure continuous improvement of the ISMS by gathering and utilizing feedback from relevant stakeholders such as management, users, customers, third-party suppliers, and industry benchmarks.

ISMS Process

The integration of ISMS processes and controls with the organization's processes shall be facilitated through clear delineation of roles and responsibilities. Users, including employees and third-party suppliers with access to Cologne Internationals's systems and information, are required to update themselves regularly through internal training programs and awareness initiatives on ISMS policies and procedures. It is their responsibility to comply with these policies and procedures in their respective areas of responsibility.

Employees

All employees of Cologne Internationals are required to adhere to the guidelines and procedures outlined in the ISMS policy to ensure the security of the organization's assets. In the event of security breaches, software malfunctions, or weaknesses, employees must report incidents according to the directives outlined in the ISMS policy and Security Incident Management Procedure document. Regular awareness and training programs will be provided to employees to update them on various ISMS initiatives and encourage their active participation in compliance with ISMS controls. Employees must not interfere with any implemented security controls. The ISMS Policy Manual and Acceptable IT Usage Policy are applicable to all employees, third-party personnel, and subcontractors who require access to Cologne Internationals assets. This document, approved by management, demonstrates the executive level's INTENT, COMMITMENT, and SUPPORT for the successful implementation of the Information Security Management System in the organization.

Mobile & Tele-working Policy

  • It is the responsibility of the users to safeguard the assets assigned to them by the company, such as laptops, smartphones, and authentication tokens, at all times to ensure their safety.
  • Accessing the organization's network from a remote location is permitted only through a pre-defined authentication and authorization process
  • Users are prohibited from attempting to establish an internet connection through a data card while connected to Cologne Internationals's network.
  • Users are required to assist visitors in declaring any electronic media, such as laptops, CDs, hard drives, USBs, or flash drives, and ensure their safekeeping while on the company premises. It is prohibited to leave laptops unattended on desks or work areas overnight, or in cars, airport lounges, hotels, or any public area. Additionally, laptops must not be checked in as baggage while traveling.
  • Users may be provided with internet connection, access to office mail, and mobile device management solution through data card modem, GPRS, or smartphone, depending on their work responsibilities. The user shall be solely responsible for the controlled and appropriate use of these services or facilities, and any liability arising due to inappropriate use will rest solely with the user.
  • Users are allowed to use only the standard devices that can be provisioned. The internet connectivity provided by the company should only be used for legitimate business purposes.

Social Networking and Social Media Sites Policy

Social networking sites such as Facebook, Twitter, Yammer, LinkedIn, Flickr, YouTube, and others are online communities where people with common interests or attributes can connect. While these sites can be useful for sharing knowledge or opinions, their improper use can lead to information security breaches and potential loss of reputation or sensitive data. Therefore, access to these sites is restricted on Cologne Internationals's internet gateways, and users can only access them with a valid business justification and approval from the relevant authorities.

MORE SECURITIES -