Information Security Management System Policy
The information Security policy is based on the ISO27001:2013 & ISO20000-1:2018 standard for information security management. This standard provides a structured approach to identify the broad spectrum of information security activities in life cycle of delivering of strategic information technology solutions, application management, enterprise consultancy and IT service management. The information security provides the framework for the protection of information and information assets. Implementation of structured information security program will provide more consistent protection of information and technology resources.
It is policy of Sapphire Consulting (Pvt.) Ltd. to create, maintain and continually improve the Information Security Management System and to adhere to ISMS practices in compliance with best practices required for Software development and information security needs of the customer.
Sapphire Consulting (Pvt.) Ltd works within the framework of the legal requirements, while fulfilling the contractual obligation of the client. This is to ensure protection of its information security assets from all threats – internal or external, deliberate or accidental and natural disasters. Furthermore, with intend to achieve following, Sapphire Consulting (Pvt.) Ltd will ensure:
This policy has been approved by the company management and shall be reviewed by the management in annual management review meeting.
ISMS policy Review Frequency
Policy will be reviewed annually in Management review meetings.
Following are ISMS Objectives: The following goals are intended to be achieved: