Security Induction Training

Uploaded by

dalvi.seeya
Copyright: © All Rights Reserved

ISMS Policies

Welcome and Introduction

• Welcome to the Aexonic Family

• Introduction

• How the Internet made our lives less secure and why it is important

Agenda

• CIA Triad

• Clear Desk Policy

• Acceptable Use Policy

• Incident Management

• HR Policies
POLICIES
Information Security Policies Human Resources Policies
ATPL_POL_01_Information Security Policy
ATPL_POL_05_Access Control Policy
ATPL_POL_06_Password Policy Ver 1.1
ATPL_POL_12_Disciplinary Policy Ver 1.1
ATPL_POL_09_Human Resources Security Policy Ver 1.1
ATPL_POL_11_Clear Desk and Clear Screen Ver 1.1
ATPL_POL_03_Teleworking Policy Ver 1.1
ATPL-POL 13_Information Security Risk Management Policy Ver 1.1
ATPL-POL 14_Physical & Environmental Security Policy Ver 1.1
ATPL-POL 15_Anti-Malware Policy Ver 1.1
ATPL-POL 16_Secure Media Disposal Policy Ver 1.1
ATPL-POL 20_Asset Management Policy Ver 1.1
ATPL-POL 21 - Acceptable Use Policy Ver 1.1
ATPL-POL 23 - Disaster Recovery Policy Ver 1.1

An ISMS policy is mandatory, and you can access all of these policies using this link:
https://shorturl.at/gsvAM
Title: Security Induction Training
Subtitle: Building a Secure Work Environment

Created by: Team ISMS


What is an ISMS policy?

An ISMS policy is a document that defines the scope, objectives, and principles of your information security management system.

CIA Triad for Employees
1. Confidentiality: Protecting Privacy
• Ensures sensitive information is kept private.
• Prevents unauthorized access to critical data.
• Safeguards personal, financial, and proprietary information.

2. Integrity: Ensuring Accuracy
• Guarantees the accuracy and trustworthiness of data.
• Prevents unauthorized alterations or tampering.
• Upholds data reliability for informed decision-making.

3. Availability: Ensuring Access
• Ensures resources are available when needed.
• Mitigates downtime and maintains operations.
• Enables timely access to critical services and data.

Security Awareness
• Explain the significance of security awareness for both personal and company data protection.

• Highlight how each employee contributes to maintaining a secure environment.

Information Security Policies

ATPL_POL_11
Clear Screen Policy-
• Please keep your desktop screen clean, because saving any files or documents on the desktop screen is against the ISO guidelines.
• Make a standard folder structure for storing your files on an office laptop.
• Make sure your OneDrive is set up for regular backup of important documents.
• Always keep Windows Defender on for protection against viruses, threats, malware, and ransomware; it is the first line of defense for your machine.
• Computer workstations must be locked when the workspace is unoccupied.

Acceptable Use Policy
• Authorized Use: Company resources are for business purposes only; personal use is discouraged.
• Data Security: Safeguard sensitive information; follow data handling protocols.
• Internet Usage: Limited to work-related activities; no inappropriate content.
• Email Etiquette: Professional communication only; avoid spam or malicious content.
• Software Usage: Install approved software only; no pirated or unauthorized applications.
• BYOD (Bring Your Own Device): Secure personal devices used for work with company-approved software.
• Social Media: Responsible representation of the company online; avoid confidential info.
• Remote Work Security: Adhere to remote work guidelines, including VPN usage.
• Consequences of Violations: Violations lead to disciplinary actions, access suspension, legal consequences.
• Reporting Incidents: Promptly report any security breaches or violations to IT.
• Review and Updates: AUP reviewed annually for emerging threats and advancements.
• Employee Acknowledgment: All employees must sign AUP acknowledgment form.

Incident Management

• Infrastructure - Abhishek Mishra
• Asset Damages - Abhishek Mishra
• Network & Firewall - Abhishek Mishra
• Data Breach - Ramchandra Chauhan & Pawan Shrivastav
• Vulnerability Management - Ramchandra Chauhan & Pawan Shrivastav
• Patch management – Associate Project Manager or Arindam Mondal
• ISMS Awareness – Pawan Shrivastav
• Human Resource – Aprajita Sinha

Windows Defender Security

HR Policies

Time Management Policy-
• Attendance and time management
• Flexi-working timings:
• Notification Procedure:
• Disciplinary Process
• Time sheet
HR Policies

Disciplinary Policy-
• Formal Action
• Informal Action

Employee Referral Policy –
• An employee may refer individuals who fit the specifications given in job descriptions.
• Email the referred candidate's resume, or ask the candidate to email the resume to [email protected], mentioning the name of the existing employee who referred him/her.
• In case the resume already exists in the data bank, the referral process will be terminated.
• The employee's involvement is limited only to the submission of the resume and will not in any way be influential in the interview or compensation finalization of the candidate.
• If a referred candidate is selected by the Company, the employee is eligible for a monetary reward of Rs. 4000 – Rs. 10000 as per the experience.

HR Policies

Teleworking Policy-
• Employees should be available on Messenger & Mail during general office hours (09:30 AM – 07:30 PM), Mon-Fri.
• Employees working on projects or clients in different time zones should be available on Messenger & Mail during the hours required by the Leader/Project Manager.
• Employees are expected to log in to and log out of GreytHR on a daily basis.

HR Policies
• The roles and responsibilities of employees, contractors and third-party users shall be defined and documented.

• A formal procedure shall exist for recruitment based on Aexonic Technologies Private Ltd. requirements such as appropriate qualifications and experience; pre-recruitment screening and background checks; relevant laws, regulations and ethics.

• All employees, contractors, and third parties shall agree to and sign the terms and conditions of the appointment and the non-disclosure agreement, which include their organizational responsibilities for information security during and after the contract term.

• Awareness training on the information security policy, associated policies and other relevant statutory compliances shall be conducted by the delegated authority.

• Induction of new employees, contractors or third parties into the organization.

• On changes to the information security policies, all existing employees, contractors and third parties should be notified.