The purpose of Information Security Management is to protect ITAG Business Solutions Ltd. from all threats, both internal as well as external, whether intentional or accidental. The implementation of this policy is important to maintain the confidence of the clients in the company & maintain our goodwill & reliability.

We will evaluate and prioritize the risk in terms of identification of assets, identification of threats, associated vulnerabilities and probability of occurrence as per Procedure on Risk Assessment and Control & Objective Setting (PR-07). Management will authorize the acceptable level of risk and the residual risk after implementation of the controls. Management will also approve the risk assessment methodology. We shall fully support the implementation of Information Security & will abide by the identified Information security controls as per the international standard ISO 27001. We shall seek certification of the developed ISMS from external agency.

The policy of ITAG Business Solutions Ltd. is that:

• The information provided by the customers will be protected against unauthorized access
• Confidentiality of Customer database will be maintained
• Security of customer contracts & customer requirements will be met
• Integrity of information will be maintained
• Availability of information to customers when needed
• Regulatory and legislative & other business requirements will be met
• Business continuity plans for Critical Processes will be produced, maintained & reviewed on regular basis
• Reporting of security incidents & weaknesses maintaining “Incident Management Control” for preventive and corrective actions
• Relevant training to be given to staff
• Risk will be identified and analysed on regular basis
• All employees and relevant external constituents will comply with ISMS policy developed and report security incidents
• To ensure that the information is –

• available in an effective manner and to the desired recipient
• handled in an efficient way
• protected against all odds.