Information Security Policy


Information Security Policy

Information Security Management System Policy

The information Security policy is based on the ISO27001:2013 & ISO20000-1:2018 standard for information security management. This standard provides a structured approach to identify the broad spectrum of information security activities in life cycle of delivering of strategic information technology solutions, application management, enterprise consultancy and IT service management. The information security provides the framework for the protection of information and information assets. Implementation of structured information security program will provide more consistent protection of information and technology resources.

It is policy of Sapphire Consulting (Pvt.) Ltd. to create, maintain and continually improve the Information Security Management System and to adhere to ISMS practices in compliance with best practices required for Software development and information security needs of the customer. 

Sapphire Consulting (Pvt.) Ltd works within the framework of the legal requirements, while fulfilling the contractual obligation of the client. This is to ensure protection of its information security assets from all threats – internal or external, deliberate or accidental and natural disasters. Furthermore, with intend to achieve following, Sapphire Consulting (Pvt.) Ltd will ensure: 

  • Business requirements for availability of information and systems are met.
  • Confidentiality and integrity and Availability of information is maintained throughout the process flow.
  • All corporate assets (tangible/intangible) are located in a physically and logically secure environment.
  • Risks to all corporate assets (tangible/intangible) are assessed and against all risks appropriate 
  • Contingency and mitigation plans are defined.
  • Human resources are provided with conducive work environment, free from safety hazards.
  • All personnel are trained on information security procedures.
  • Physical, Logical and Remote access to all the corporate assets (tangible/intangible), information and physical locations is monitored and controlled. 
  • Business continuity plans are established, maintained, and tested and periodically and updated as needed.

This policy has been approved by the company management and shall be reviewed by the management in annual management review meeting.

ISMS policy Review Frequency
Policy will be reviewed annually in Management review meetings.

ISMS Objectives
Following are ISMS Objectives: The following goals are intended to be achieved:

  • To introduce and maintain a security structure within Sapphire Consulting Pvt. Ltd. capable of meeting all business requirements.
  • To ensure that confidentiality (unauthorized disclosure) of information declared as assets to the company is safeguarded through appropriate security arrangements 
  • To maintain the integrity and availability of information and vital services to users (company personnel and external parties) 
  • To define a mechanism for meeting all regulatory, legislative requirements and contractual obligations of Sapphire Consulting Pvt. Ltd.
  • To ensure that all staff remains well aware about their information security responsibilities and takes an active part in establishing a security culture within Sapphire Consulting Pvt. Ltd.