Information security Policy Statement
Onward Technologies Limited (OTL) understands the Information Security needs and expectations of its interested parties both within the organization and from external parties including clients, suppliers, statutory and regulatory agencies.
Confidentiality, Integrity and Availability of information in Information Security Management are integral parts of its management function.
Information security policy is aligned to the requirements of ISO/IEC 27001: 2013; the Company is committed to:
The implementation of this policy is important to maintain confidentiality, integrity and availability of OTL’s information assets.
OTL shall strive to ensure that:
- Information will be protected against unauthorized access.
- Confidentiality of information will be maintained.
- Information will not be disclosed to unauthorized persons through deliberate or careless action.
- Integrity of information through protection from unauthorized modification.
- Availability of information to authorized users when needed.
- Regulatory and legislative requirements will be met.
- Business continuity plans will be produced, maintained and tested as far as practicable.
- Information security training will be available to all employees.
- All suspected breaches of information security will be reported and investigated.
- Risks will be mitigated to acceptable level though Risk Assessment exercises.
Information security requirements for Suppliers / Partners
- Information transfer modes between OTL and Supplier / Partner shall be pre-approved by the OTL management at the time of project award.
- Partner shall not forward / share OTL’s proprietary information, OTL’s without approval from OTL.
- Supplier / Partners shall not share contact information of OTL’s Personnel to their sub-Partners.
- Use licensed software’s.
- Do not use Pirated software
- Do not share files through untrusted freeware.
- Supplier / Partner shall sign NDA before sharing any information with OTL.
- Changes in Information processing, storing and transmitting (Major IT Equipment changes) at Supplier / Partner end shall be communicated to OTL in timely manner.
- Supplier / Partner will implement and maintain technical and organizational measures to protect OTL Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access
- Should not further engage any third party (sub-processor) without written permission of OTL.
- Supplier / Partner shall ensure that any person who is authorized by Partner to process OTL Data (including its staff, agents and Sub processors) shall be under an appropriate obligation of confidentiality.
- Supplier / Partner shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities.
- Supplier / Partner shall ensure that Suppliers / Partner’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.
- Upon becoming aware of a Security Incident, Supplier / Partner shall notify OTL without undue delay within 24 hours and shall provide timely Notification relating to the Security Incident as it becomes known or as is reasonably requested by OTL.
Note: Not meeting the OTL ISMS requirements may lead to termination of Contract or legal actions.