Professional Documents
Culture Documents
Objective
What is ISO 27001? Information Security Data Classification Physical Security Clear Desk & Clear Screen Policy Data Security Acceptable use of email, internet resources Incident Reporting
An Information standard
Encompasses all types of information
Whatever form the information may take, or means by which it is shared or stored, it should always be appropriately protected (ISO17799:2000)
Clauses 8, Control Groups 11, Controls -134
Certifiable
Internationally recognized Risk-management based
Firstsource 2007 | confidential | May 20, 2012 | 3
Information Security
Information is an asset to all individuals and businesses. Information Security refers to the protection of these assets in order to achieve:
i) Confidential
ii) Integrity
iii) Availability
Information Security
Confidentiality
Protecting sensitive information from unauthorized disclosure or interception.
Availability Ensuring that information and vital services are available to users when required.
Integrity
Safeguarding the accuracy and completeness of information
Data Classification
Secret
Contains highly sensitive, strategic Firstsource information that is material, non-public.
Examples
Financial forecasting and planning information Earnings estimates Major litigation information Information on acquisition or merger plans
Highly Confidential
Contains personal data regarding Firstsource personnel or sensitive information about project/client data.
Examples
Benefits, employee earnings, payroll data Performance feedback forms Social security numbers, home addresses and telephone numbers Health information Client lists and contact information Preferences, opinions and intentions regarding any individual Client billing information Clients architecture diagrams Business development tracking information
Data Classification
Confidential
Contains Firstsource, client and some personal data which is marked confidential, known to be confidential or is not generally available to the public.
Examples
Employee phone or voice mail directory Organization charts Market offering information Asset-based solutions Internal meeting presentation materials Project deliverables
Unrestricted
Examples
Company advertising literature once it has been used Data contained on http://www.Firstsource.com/
Physical Security
Physical controls
Display
Physical controls
Escort
Physical controls
Display
Do
not be chivalrous and open doors for others. It is mandatory for everyone to flash their access cards whenever you enter or leave a floor. Disable access cards of resigned employees immediately.
Firstsource 2007 | confidential | May 20, 2012 | 7
visitors at all times They do not belong to Firstsource India BPO and no information is Public here loss of access cards immediately this will prevent unauthorized access using your card.
Report
Handle
ex-employees as
visitors
Ensure
the danglers in your cars for identifying as Firstsource India BPO employees Do Not record information using stateof-the-art mobile phones or other recording equipment Do not use personal computing device or equipment e.g. laptops, USB drives, CDs etc
Log out of Windows or invoke the password protected screen-saver by pressing Ctrl-Alt-Del on the Keyboard, and selecting Lock Workstation prior to leaving the computer
Include disclaimers while sending confidential fax messages. Exchange information with other Firstsource entities or third party organizations through approved courier agencies.
Verify your recipients identity before discussing confidential information over the phone.
Remove any Firstsource confidential Information Pin-up from the workspaces Save client related documents on PC hard disks Access Confidential information without business need
Data Security
All Documents should be labeled. Clear boards and charts after any meeting. Ensure all confidential, high confidential documents are shredded immediately after use. Any loose paper left unattended on desk will be shredded without any warning. User should ensure they have unique and identifiable ID and passwords for all applications they might use for their official work Should promptly follow the password policies of Firstsource and where applicable those of client In case of Login trouble to any application, user should always contact Helpdesk. Should not share others ID / Passwords User is accountable to all activities done on Firstsource systems using his / her IDs Avoid discussing sensitive and confidential information in open workspaces and public places like: Airports, Restrooms, Restaurants, Elevators.
Do not respond to spam e-mail or forward it to others. Delete spam without opening. Turn off the Microsoft Outlook preview pane before deleting spam messages. Do not request removal from the spammer's distribution list, even if this option is offered. Do not use Firstsource e-mail for non-business-related purposes. Be judicious of the websites you access and never browse a site that contains inappropriate material. use caution when creating rules to avoid discarding important messages.
Incident Reporting
What is a security incident?
Any
All physical Security Incident should be reported to Local F&S Helpdesk. For BCP related Queries , contact your supervisors or India BPO BCP Team
All Information Security Incidents should be reported to Centralized Technical Support Desk on 5555 & or Send email to Information.security@firstsource.com
All HR related Incidents should be reported to HR Helpline on 6666
Pre-Assessment Audit June 1/2, 2006 Stage 1 Audit (Document Review) June 6/7,2006 Certification Audit June 13/14, 2006
THANK YOU
Firstsource (NSE: FSL, BSE: 532809, Reuters: FISO.BO, Bloomberg: FSOL@IN) is a global provider of BPO (business process outsourcing) services headquartered in India. Firstsource provides customized business process management to global
leaders in the Banking & Financial Services, Telecom & Media and Healthcare
sectors. Its clients include Fortune 500 Financial Services, Telecommunications and Healthcare companies. Firstsource has a global delivery model with operations in India, US, UK, Argentina and Philippines. (www.firstsource.com)