- Information Security Policy Statement and Objectives
The information security policy of B2R is to exercise due care on a continuing basis to ensure the confidentiality, integrity, and availability of internal data and client information in line with B2R’s business requirements, taking into consideration contractual, security, legal & regulatory requirements.
B2R commits to establishing & maintaining an Information Security Management System (ISMS) to achieve this, and to working towards continuous improvement of the ISMS.
- Information Security Objectives
A. Information is secured and any unauthorized access is prevented
B. Information is available on a need-to-know basis
C. Information is recoverable and accessible when needed
The Information Security Committee (ISC) within B2R ensures effective communication of this Information Security Policy Statement to all staff and relevant interested parties.
- Information Security: Overview of Implementation
An Information Security Management System (ISMS) has been implemented to protect information from unauthorized access, use, disclosure, destruction, modification, disruption, or distribution. The Information Security Committee (ISC), comprising the CEO & Senior Leadership Team (SLT), bears the responsibility for establishing and maintaining the system and for ensuring it is maintained through instruction and training of B2R’s personnel. Equally, each employee has a personal responsibility to implement and maintain this system. B2R has the responsibility to protect the physical information assets of the company as well as confidential data and intellectual capital owned by the company and its customers. These critical assets are safeguarded to mitigate any potential impact to B2R and its clients.
To achieve this objective, policies, procedures, and standards have been created to ensure secure business practices are in place at B2R. Information security is a foundational business practice that is incorporated into planning, development, operations, administration, sales and marketing, as each of these business functions requires specific safeguards to be in place to mitigate the risk associated with normal business activities. B2R’s approach to securing information is:
● Establish & maintain an effective ISMS
● Deploy appropriate technology and infrastructure
● Create and maintain a security-conscious culture within B2R
● Monitor & review to improve effectiveness of the ISMS
The assets that are protected include Facility Premises, Computers (including peripheral equipment & data storage media), Communications equipment, Power, Water, Communications utilities (Internet & Phone), Data/Information, and Employees.
The following dimensions of security are addressed by the ISMS:
● Physical security: personnel, premises & perimeter areas, and equipment at facility
● Computer system security: CPU, peripherals, OS and data
● Telecommunications security: Telecom equipment, personnel, transmission paths and related areas
● Operational security: Environment control, power conditioning and other related procedures
● Procedural security: IT support, and other related aspects
As part of the ISMS, B2R defines necessary/key controls for Asset Classification and Control, Personnel Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Business Continuity Management, Compliance (to law), and Review and Evaluation. Departmental targets/goals have been identified for relevant functions (IT, Admin, HR, Operations) which align to B2R’s Information Security objectives. Achievement against these objectives is periodically reported by the ISC.
Client applications hosted on the Customer’s network are excluded from the scope of control. All applications and related security controls on the Customer’s network are managed by the client.
B2R complies with applicable laws and regulations on Information Security and Privacy. Periodic Risk Assessments and Internal Audits are carried out, along with Management Reviews, to ensure that the ISMS is functioning effectively and continually improving.