C-40, Sector 59
Noida 201 307
(U.P.), India
http://www.rsystems.com/
Document Id.: ISPolicy049
Version No.: 1.0
Released on: 18/07/17
This document of R Systems International Ltd. is for internal circulation. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or by any means – recording,
photocopying, electronic and mechanical – without prior written permission of R Systems International Ltd.
Review History
S No. Review Date Reviewed By Remarks
Document History
Ver. No. | Release Date | DCR Ref. | Description of Change | Authored/Revised By | Reviewed By | Approved By
1.0 | 15/06/15 | DCR/ISMS/122 | New Document created as per ISO 27001:2013 | ISMS Team | Manager QAG | CISO
1.0 | 15/06/15 | DCR/ISMS/132 | Annual Review – 22/6/16 | ISMS Team | Sr. Manager QAG | CISO
1.0 | 18/07/17 | DCR/ISMS/136 | Annual Review | ISMS Team | Sr. Manager QAG | CISO
Notes:
Only controlled hardcopies of the document shall have signatures on them.
This is an internal document. Unauthorized access or copying is prohibited.
Uncontrolled when printed unless signed by approving authority.
1. Overview
2. Acronyms
3. Objective
4. Scope
5. Policy
©R Systems International Ltd Internal ISPolicy049
1. Overview
2. Acronyms
Acronym | Description
CISO | Chief Information Security Officer
RSI | R Systems International Ltd.
3. Objective
The purpose of this policy is to protect the company’s confidential information that is
accessible to third party service providers by preventing unauthorized disclosure,
modification, removal or destruction of information assets that may lead to
interruptions in business activities.
4. Scope
This policy applies to all employees and third party suppliers of RSI.
5. Policy
- Formal Risk Analysis (as per the process highlighted in the Procedure for Supplier Relationship) shall be carried out before allowing access to the IT systems and facilities to the third party personnel by the engaging department of RSI.
- RSI shall ensure that formal information security requirements (as per Supplier Relationship Procedure ISProc031) for third party access, operations of the IT systems and facilities are defined, documented and conveyed to the respective departments and the third party service providers.
- A lifecycle for managing supplier relationships shall exist and be adhered to.
- RSI shall draw and sign formal written contracts with all the third party service providers and business partners (as per the process highlighted in the Procedure for Supplier Relationship). These contracts shall include the Service Level Agreement (SLA) identified, defined and agreed on for the respective service.
- Formal Non-Disclosure Agreement (NDA) shall be signed with the third party for compliance to the information security requirements and the information security Policy. Information security requirements for mitigating the risks associated with supplier's access to the R Systems’ assets shall be agreed with the supplier and documented in the Non-Disclosure Agreement (NDA).
- RSI shall monitor and review supplier service delivery on a quarterly basis (as per Supplier Relationship Procedure ISProc031).
- RSI shall ensure that all the access rights defined, software installed and the data pertaining to RSI stored on third party storage media shall be removed on the termination of third party services.