Professional Documents
Culture Documents
C-40, Sector 59
Noida 201 307
(U.P.), India
http://www.rsystems.com/
Version No.
No.:: 1.0
3.1
Released on
on:: 22/05/06
25/05/22
This document of R Systems International Ltd. is for internal circulation. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any from or by any means – recording,
1
photocopying, electronics and mechanical without prior written permission of R Systems International Ltd.
Review History
S.No. Review Date Reviewed By Approved By
1 09/06/06 ISMS Forum Doc Changed and DCR raised
2 01/06/09 ISMS Forum Doc Changed and DCR raised
3 07/04/11 ISMS Forum No Change
4 01/06/12 ISMS Forum Doc Changed and DCR raised
5 09/08/12 ISMS Forum Doc Changed and DCR raised
6 01/01/14 Manager QAG Doc Changed and DCR raised
7 15/06/15 Manager QAG Doc Changed and DCR raised
8 15/06/15 Sr. Manager QAG Doc Changed and DCR raised
9 18/07/17 Sr. Manager QAG Doc Changed and DCR raised
10 25/07/19 Sr. Manager QAG No Change
11 24/07/20 Sr. Manager QAG No Change
12 22/07/21 SFG No Change
13 25/05/22 QAG Doc Changed and DCR raised
2
DOCUMENT CONTROL SHEET
Document History
Ver. Release DCR Ref. Description of Author Reviewed Approved
No. Date Change ed/Rev By By
ised
By
1.0 09/06/06 DCR/002 Final release QA ISMS Forum CISO
Group
2.0 01/06/09 DCR/ISMS/059 ISMS Periodic QAG ISMS Forum CISO
Review
2.0 07/04/11 NA Periodic Review QAG ISMS Forum CISO
2.1 01/06/12 DCR/ISMS/100 Minor changes – QAG ISMS Forum CISO
section 3.3.2 & 3.6
updated
2.2 09/08/12 DCR/ISMS/105 Classification QAG ISMS Forum CISO
changed to Internal
2.3 01/01/14 DCR/ISMS/112 RSI Logo Updated ISMS Manager CISO
Team QAG
3.0 15/06/15 DCR/ISMS/122 Document revised ISMS Manager CISO
and updated as per Team QAG
ISO 27001:2013
3.0 15/06/15 DCR/ISMS/132 Annual Review ISMS Sr. Manager CISO
Team QAG
3.0 18/07/17 DCR/ISMS/136 Annual Review, ISMS SFG CISO
Review Date: Team
18/06/18
3.1 25/05/22 DCR/ISMS/148 Changes – section ISMS SFG CISO
3.4 and 3.5 updated Team
Notes:
Only controlled hardcopies of the document shall have signatures on them.
This is an internal document. Unauthorized access or copying is prohibited.
Uncontrolled when printed unless signed by approving authority
3
Table of Contents
4
©R Systems International Ltd Internal ISPolicy032
1.0 Overview
Every business can experience a serious incident that can obstruct normal business
operations. The Management has the responsibility to recover from such incidents in the
acceptable down time.
2.0 Objective
3.0 Policy
RSI shall determine its requirements for information security and the continuity of
Information security management in adverse situations, e.g. during a Crisis or
disaster
Risk Assessment
Business process owners shall be responsible for ensuring that the key events that
can cause disruption to their processes are identified, the probability of their
occurrence and their potential adverse impact is documented. Threats and
applicable vulnerabilities shall be identified for information assets within the
process. Threats, applicable vulnerabilities, their impact on assets and existing
controls shall be evaluated to identify risks to information assets while:
Risk and impact assessment shall be reported by process owners to ISMS Forum.
and in the required time scales following interruption to, or failure of,
critical business processes.
Disaster Recovery
Plan
Business
Continuity Plan
A single common framework shall be followed for drafting continuity plans as per
business requirements, which shall include the key stakeholders and third parties.
The risks and business impacts shall be considered for developing and updating
the business continuity strategy of the company. The framework shall include but
not be limited to:
Establishing recovery time objectives;
Conditions for disaster declaration and plan invocation;
It shall also comprise of a crisis management program including but not limited to :
List of command centers;
Directions to muster points;
Emergency response procedures (during and after normal business
hours);
Communication procedures, including but not limited to crisis
management team, strategic outsourced partners, third parties; and
Executive succession.
3.6 Redundancies
3.6.1 Availability of Information Processing Facilities
Information processing facilities shall be implemented with redundancy sufficient to
meet availability requirements as per the business objectives.