ISMS Policy
Information Security Management System Policy
Sparksupport is committed to maintaining high-quality standards in delivering timely and cost-effective solutions to our customers through continual improvement of our processes, instilling quality consciousness amongst all employees, and recognizing our responsibility to relevant stakeholders, including our customers, for the confidentiality, integrity, and availability of information assets. Risk management will be carried out as per the ‘ISMS-Risk Assessment & Risk Treatment Procedure’, and each risk will be evaluated based on asset value, threats, and vulnerabilities. Where the risk value is high, adequate controls will be implemented.
For Sparksupport
CEO CTO
Action Guideline:
1. Sparksupport prevents leakage, destruction, and illegal use of all information relating to customers, vendors, management, etc., and builds the system to secure the confidentiality, integrity, and availability of the information used in daily operations.
2. The company recognizes the value of the private information of all staff and secures it.
3. Sparksupport establishes a contingency plan to secure continuation of the business, assuming occurrences such as a natural disaster, terrorism, or a large-scale infectious disease outbreak.
4. The company provides all staff with proper education and training to maintain and improve the effectiveness of the information security management system.
5. The company builds and manages an organization which identifies incidents, audits its operations and the effectiveness of the information security management system, and pursues its continual improvement.
To secure its information assets and those of its customers, Sparksupport shall deploy procedures to maintain the confidentiality, integrity, and availability of all information assets.
The business objectives and goals of Sparksupport are:
- Key Objective 1: Provide high-quality services to our clients.
  - Goal 1 – Client satisfaction score of more than 98%
  - Goal 2 – On-time delivery
  - Goal 3 – No defects of showstopper/critical type in the first release to the client
- Key Objective 2: Continuous focus on employee satisfaction and competency development so as to reduce and stabilize employee attrition.
  - Goal 1 – A minimum of 3 man-days of training per employee per year
  - Goal 2 – Employee satisfaction survey score of greater than 95%
- Key Objective 3: Continual improvement of services to our internal and external customers.
  - Goal 1 – Key process performance improvement of at least 10% per annum in all departments
- Key Objective 4: To secure its information assets and those of its customers, Sparksupport shall deploy procedures to maintain the confidentiality, integrity, and availability of all information assets.
  - Goal 1 – Maintain the number of high-severity security incidents at nil among total security incidents
- Key Objective 5: To achieve year-on-year revenue increase while maintaining profitability.
  - Goal 1 – Revenue growth of >=40% with respect to the previous financial year
To meet these business goals, the following ISMS objectives are defined.
ISMS Objectives
- Protect information from deliberate or unintentional unauthorized acquisition or unauthorized access.
- Maintain confidentiality of information.
- Maintain integrity of information by protecting it from unauthorized modification.
- Ensure availability of information to authorized users when needed.
- Meet regulatory and legislative requirements.
- Produce, maintain, and test Business Continuity plans as far as practicable.
- Train all staff on information security.
- Report and investigate all breaches of information security and suspected weaknesses.
- Monitor the Risk Treatment Plan and measure the effectiveness of selected controls.
When planning how to achieve its information security objectives, the organization shall monitor:
- Uptime of servers and networks
- Achievement of the planned preventive maintenance schedule
- Closure of non-conformities within the defined time frame
- Conduct of the defined number of awareness programs as per the process
- Monitoring of security incidents as per the incident management process
- Mock drills of the BCP as per the process and achievement of targets
- Review of risks as per the defined process and closure of actions from the last review
A template is defined for each of these, and the frequency and thresholds for each are defined in that template. For monitoring and analysis, the following apply:
- Monitoring and measurement of the controls shall be done as per the process described in the template.
- The System Administrator, either directly or through one of the data center employees, shall be responsible for monitoring and measurement of controls.
- The results from monitoring and measurement shall be analyzed and evaluated at least on a monthly basis. However, this analysis can be conducted earlier depending on exigencies, as decided by the System Administrator.
- The System Administrator shall analyze and evaluate these results.