Information Security Policy
Policy summary
ARInnovate (AR) takes information security seriously. We at AR understand that our professionals working for various clients might be provided access to sensitive information. Some of this information may also be regulated under different jurisdictions.
We at AR take all reasonable measures to protect sensitive client and candidate information stored within our network and handled by our professionals.
Applicability
This policy applies to all employees and contractors of AR. This policy also applies to third-party employees working for the organization, whether they are explicitly bound (e.g. by contractual terms and conditions) or implicitly bound (e.g. by generally held standards of ethics and acceptable behavior) to comply with our information security policies.
Responsibilities
AR Responsibilities
Information security is the shared responsibility of AR and clients. AR is responsible for:
- Establishing and implementing reasonable measures to protect client information stored within the AR network
- Providing periodic information security awareness training for our staff
- Conducting appropriate background checks for our staff
- Ensuring that staff devices are patched and secured using appropriate anti-virus software
- Ensuring that third parties employed by AR comply with AR’s information security policy
Client Responsibilities
The scope of AR’s information security measures is limited to AR staff having access to client information, securing the infrastructure that holds client information, and taking reasonable measures to comply with the client’s information security policies.
Detailed policy requirements
- Cybersecurity is largely a matter of mitigating cyber-risks through conventional information security controls, especially ICT security controls intended to prevent or mitigate (reduce) cyber-incidents.
- While conventional information security controls to prevent or mitigate cyber-incidents take priority, we must not neglect detective and corrective controls since cyber-incidents cannot be entirely negated. We are unlikely to identify and fully comprehend, mitigate or avoid all our cyber-risks in this dynamic area, hence cyber-incidents are almost inevitable.
- Detective cybersecurity controls include:
  - Maintaining a widespread awareness of cybersecurity, coupled with policies and procedures for spotting, reporting and responding effectively and efficiently to possible or confirmed cyber-incidents;
  - Effective IT system and network security monitoring, and responding to indications of possible or actual cyber-incidents as effectively and efficiently as possible;
  - Management assessing and responding to reports of cyber-risks, cybersecurity events, incidents, suspicions etc. including relevant metrics.
- Corrective cybersecurity controls include:
  - Business continuity management involving the adoption of appropriate resilience, recovery and contingency measures to protect critical business activities, including the associated ICT, against excessive interruptions.
Further information
For any queries on our information security policy, or to know more, please reach out to us at grow@arinnovate.io.