INFORMATION SECURITY POLICY

Information Security Policy

The principal focus of Nityo Information Security Policy is to provide the following:

Confidentiality: Maintaining the restriction of access to information by authorized persons, entities and processes at authorized times and in an authorized manner;

Integrity: Safeguarding the accuracy and completeness of information and information processing systems; and

Availability: Ensuring that authorized users have access to information and associated assets when required.

The purpose of this policy is to protect the organization’s information assets from all threats, whether internal or external, deliberate or accidental.

It is the policy of the organization to ensure:

• Information should be made available with minimal disruption to staff and the public as required by the business process.
• Critical information is protected from unauthorized access, use, disclosure, modification and disposal, whether intentional or unintentional.
• All breaches of Information Security, actual or suspected, are reported, investigated by the designated personnel and appropriate corrective and preventive actions are taken.
• All our employees and wherever applicable to third parties e.g. Sub-contractors, consultants, vendors etc. are adequately communicated on information security programs.
• Information security objectives resulting from risk assessment are documented, communicated and monitored for their progress and evaluated for their results.
• A commitment towards the continual improvement of information security management system
• Ensure Risk Assessment and treatment is re-reviewed after every six months.
• The policy shall be reviewed at periodic intervals (Half Yearly) - to check for its effectiveness and applicability, changes in technology, changes in Risk Levels that may have impact on Confidentiality, Integrity and Availability, legal and contractual requirements, and business efficiency.