Performance Compliance
Happiest Minds Internal 5
Information security begins with You
[Diagram: ISO 27001 ISMS cycle]
• PLAN – Establish ISMS
• DO – Implement & Operate ISMS
• CHECK – Monitor & Review
• ACT – Maintain & Improve ISMS
• Internal and External Issues
• Needs and Expectations of Interested parties
• Intended outcome of ISMS
• CEO & Management Council
– Strategic, Advisory, Monitoring & Practice
• Information Owners (Units Heads, Project Managers, Practice Leads, Managers)
– Implement & Practice
• Published
– Information that can be released to the public, media, etc. or obtained from public sources
• Internal
– All Happiest Minds can access e.g. policies
• Restricted
– E.g. project data, available to only team members
• Confidential
– Data requiring highly restricted access
• Client Confidential
– Data about customers or their customers requiring specific handling as per MSA
• Physical Security
• Password Controls
• Email usage, Internet usage
• Anti-Virus, Anti-malware
• Data security & Privacy
• Software Usage & Copyrights
• Safety of Computer Media
• Clear Desk and Clear screen
• Social Engineering
• Laptop Security
• Security Incident Reporting
• Data Back-up & Business Continuity
• BYOD, Legal Compliance
Security begins at the doorstep
Do’s
• Always wear your photo ID while in SMILES premises
• Swipe in & out for marking presence in office
• Report lost or stolen ID or access card immediately to Head of Facility by email
• Escort your visitors, have them signed in/out and ask them to declare their laptops, USBs & media
• Report to security at reception if you see any suspicious activity
Don’ts
• Do not share your access card
• Failing to get a temp ID or to record in register if you have forgotten your ID
• Attempting to enter restricted areas without authorization
– GNSOC, Server & communication switch rooms, UPS room, any area marked for authorized personnel entry only
Do’s
• Comply with the policy
• Choose strong passwords
• Change your password before expiry
• Maintain secrecy of your log-on credentials
• Avoid log-on after 3 failed attempts & contact IT immediately
Don’ts
• Do not share your passwords
• Do not write them down
• Do not use a sequence when changing passwords
• Do not ask for others’ passwords
• Do not try to guess & use others’ user ID & password
Report to IT Help Desk if your account has been disabled or if you suspect that your account could have been compromised
Clear Screen and Clear Desk policy
Do’s
• Lock your desk(lap)tops before leaving your desk
• Log-off all sessions before leaving for the day
• Lock all project related media and documents in the drawers provided
• Be aware of your surroundings while discussing official matters
• Observe this policy while you are away from the office
Don’ts
• Leaving your desk(lap)tops unlocked
• Leaving media and sensitive/confidential documents unattended
• Failing to collect your print-outs immediately
• Shoulder-surfing
• While leaving for the day forgetting to shut-down your desktop & switch your monitor off
Be aware that sensitive data could leak through voicemails & faxes too
Email & Internet – Acceptable Usage Policy
Do’s
• Use only for business purposes
• Avoid connecting thru’ insecure networks
• Use licensed anti-virus on personal devices
• Check recipient email IDs before sending
• Be aware that mis-use of emails & Internet may attract penal actions per company policies & laws of the land
• Use Information Rights Management to protect your emails
Don’ts
• Sending bulk/mass emails
• Forwarding email chains
• Emailing inappropriate content
• Visiting unauthorized sites
• Downloading & installing software without IT/Manager’s approval
• Disabling security controls
• Attempting to hack or crack
Be aware that your activity may be monitored for business and security reasons
Acceptable Use… cont.
Do’s
• Understand the criticality and sensitivity of your data
• Classify your data appropriately
• Provide access to data based on business needs
• Provide minimum access
• Monitor access
• Educate your users
• Revoke access once “business need” is over
• Use SharePoint / File Server to store all your data
• Follow Social Media policy
Don’ts
• Forwarding official data to your personal emails / Unauthorized people
• Carrying official data on personal devices without encryption
• Using applications like Dropbox
• Violating licensing agreements
• Posting data about Happiest Minds Technologies confidential information and its customers on social networking sites
• Not backing up business data
Do’s
• Observing policies as you would when in office
• Being aware of your surroundings while discussing official stuff on mobile phones in public areas
• Keep your laptop & personal devices safe
• Remember to use CTRL+ALT+DEL
• Follow customer security policies while working from their premises
• Limiting the use of public network connections
Don’ts
• Leaving your laptop / mobile devices unattended
• Checking in your laptop when you fly
• Talking loudly about the purpose of your travel
• Discussing your project with co-passengers
• Disabling security settings on your laptop
• Sharing your laptop
Information Security is (y)our responsibility
Reach us at Compliance@Happiestminds.com
Document Control