Effective Date: 22 December 2023
Version: 1.0
The purpose of this Information Security Management System (ISMS) Policy is to protect the information assets of Tru Performance from all threats, whether internal or external, deliberate or accidental, to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
This policy applies to all employees, contractors, and third-party users of information systems and services within Tru Performance. It encompasses all aspects of information security related to the digital marketing, IT development, and BPO services provided to our clients, especially those based in North America and India.
Ensuring that information is accessible only to those authorized to have access.
Safeguarding the accuracy and completeness of information and processing methods.
Ensuring that authorized users have access to information and associated assets when required.
Regularly assess risks to the company’s information assets and implement appropriate measures to mitigate identified risks.
All employees will receive regular training on information security and its importance.
Access to information will be controlled on the basis of business and security requirements.
Information security incidents will be reported and investigated to prevent recurrence.
Compliance with legal, statutory, regulatory, and contractual requirements will be ensured.
Senior management is committed to supporting ISMS initiatives to improve the overall security posture of Tru Performance.
All employees are responsible for adhering to the ISMS policy in their day-to-day operations.
An ISMS team shall be responsible for implementing, maintaining, and improving information security.
Tru Performance will ensure compliance with international data transfer regulations when handling client data across borders. The company will implement measures to protect the privacy and security of client data in accordance with relevant laws and agreements.
Dispute resolution mechanisms related to information security matters will be established, clarifying how disputes will be resolved between Tru Performance and its clients.
Tru Performance will maintain records related to information security incidents, risk assessments, and compliance activities to meet potential legal and regulatory requirements. Tru Performance will maintain records of employee training on information security, useful for demonstrating compliance during audits or legal inquiries.
Key terms, including “information assets,” “security incidents,” and “authorized users,” are defined to ensure a common understanding among employees.
Tru Performance is committed to staying informed about changes in legal and regulatory requirements related to information security and will update the ISMS policy accordingly.
This policy will be reviewed annually or following significant changes to the organization or the risk environment, to ensure its continuing suitability, adequacy, and effectiveness.