1. Policy Statement
1.1. Information Security Information systems (IS) and the information contents are important assets as it is used to support the Infinity Consulting Technology Sdn Bhd (ICTSB)’s business operations. ICTSB is committed for continuity imprsovement and to protect these assets adequately in terms of its Confidentiality, Availability and Integrity (C.I.A) against unauthorized access and disclosure, modification, destruction and theft. This is also aligning to requirements within the ISO/IEC 27001:2013 and other related requirements. The security controls implemented must be appropriate to the value of the asset and the associated risks.
1.2. Scope and Application The policy applies to management, all employees (including the employees outside ISMS Scope), contract staff, intermediaries, consultants, relevant subsidiaries, vendors and other third parties who access Infinity Consulting Technology Sdn Bhd’s Information System facilities and resources that is related to all AEGIS related assets in HQ Office and Datacenters.
a) It is the responsibility of management and all employees (including the employees outside ISMS Scope) of Infinity Consulting Technology Sdn Bhd to:
(a) Comply with the ICTSB-ISMS-Policy;
(b) Safeguard the information they create, receive or control, and the facilities they use.
b) It is the responsibility of relevant suppliers of Infinity Consulting Technology Sdn Bhd to:
i. Comply with the Non-Disclosure Agreement (NDA); or/and
ii. Comply with the Master Terms;
iii. Safeguard the information they create, receive or control, and the facilities they use.
The ISMS Working Committee, Management, AEGIS Cloud Operation Operation Administration and Internal Audit shall be responsible for the implementation and monitoring of the ICTSB-ISMS-Policy. The ICTSB-ISMS-Policy must be reviewed and approved of any updated changes by ISMS Working Committee on a yearly basis.
2. ISMS Objectives
The main objectives of IS Policy is to ensure:
Sensitive information within all AEGIS Cloud Operation related IT assets in HQ Office and Datacenters are adequately protected from any unauthorized access or disclosure based on ICTSB-ISMS-S10 (Information Classification-Confidentiality).
Information within all AEGIS Cloud Operation related IT assets in HQ Office and Datacenters are adequately protected to ensure it is valid, accurate and complete, and protected from unauthorized modification.
System resources and services within all AEGIS Cloud Operation related IT assets in HQ Office and Datacenters are protected from being degraded or made unavailable from lost and damage with uptime 99%.
Adequate audit trails for user accountability and to promote check and balance.