Information Security and ISO 27001 Awareness

Objective         What is ISO 27001? Information Security Data Classification Physical Security Clear Desk & Clear Screen Policy Data Security Acceptable use of email. internet resources Incident Reporting Firstsource © 2007 | confidential | May 20. 2012 | 2 .

it should always be appropriately protected” (ISO17799:2000) Clauses 8. or means by which it is shared or stored.What is ISO 27001? Controls-based policy A comprehensive set of controls comprising best practices in information security. 2012 | 3 . Controls -134 Certifiable Internationally recognized Risk-management based Firstsource © 2007 | confidential | May 20. Control Groups – 11. An Information standard Encompasses all types of information “Whatever form the information may take.

Availability Ensuring that information and vital services are available to users when required. 2012 | 4 .Information Security Information is an asset to all individuals and businesses. Integrity Safeguarding the accuracy and completeness of information Firstsource © 2007 | confidential | May 20. Information Security refers to the protection of these assets in order to achieve: i) Confidential ii) Integrity iii) Availability Information Security Confidentiality Protecting sensitive information from unauthorized disclosure or interception.

non-public. Examples     Financial forecasting and planning information Earnings estimates Major litigation information Information on acquisition or merger plans Highly Confidential Contains personal data regarding Firstsource personnel or sensitive information about project/client data.Data Classification Secret Contains highly sensitive. opinions and intentions regarding any individual Client billing information Client’s architecture diagrams Business development tracking information Firstsource © 2007 | confidential | May 20. 2012 | 5 . home addresses and telephone numbers Health information Client lists and contact information Preferences. payroll data Performance feedback forms Social security numbers. strategic Firstsource information that is material. employee earnings. Examples          Benefits.

known to be confidential or is not generally available to the public. Examples   Company advertising literature once it has been used Data contained on http://www. 2012 | 6 . Examples       Employee phone or voice mail directory Organization charts Market offering information Asset-based solutions Internal meeting presentation materials Project deliverables Unrestricted Contains any data that is available to the public.com/ Firstsource © 2007 | confidential | May 20.Data Classification Confidential Contains Firstsource. client and some personal data which is marked confidential.Firstsource.

• Report • Handle ex-employees as visitors • Ensure that all visitors sign-in their details at the entrance the danglers in your cars for identifying as Firstsource India BPO employees • Do Not record information using stateof-the-art mobile phones or other recording equipment • Do not use personal computing device or equipment e. 2012 | 7 visitors at all times – They do not belong to Firstsource India BPO and no information is „Public‟ here loss of access cards immediately – this will prevent unauthorized access using your card.g. CD‟s etc . • Do not be chivalrous and open doors for others. laptops.Physical Security Physical controls • Display Physical controls • Escort Physical controls •Display your badge at all times within Firstsource India BPO premises. USB drives. • Disable access cards of resigned employees immediately. Firstsource © 2007 | confidential | May 20. It is mandatory for everyone to flash their access cards whenever you enter or leave a floor.

Firstsource © 2007 | confidential | May 20. Exchange information with other Firstsource entities or third party organizations through approved courier agencies.Clear Desk & Clear Screen Policy Do’s           Pick up confidential and proprietary items quickly off the printer Shred any unwanted or old documents Clear out voicemail before you leave for the day Lock confidential and proprietary documents and computer media in drawers or filing cabinets Physically secure laptops with company approved cable locks Any documents marked ‘Secret/Highly Confidential/Confidential’ should not be left on the desk unattended Log out of Windows or invoke the password protected screen-saver by pressing Ctrl-Alt-Del on the Keyboard. and selecting Lock Workstation prior to leaving the computer Include disclaimers while sending confidential fax messages. 2012 | 8 . Verify your recipient’s identity before discussing confidential information over the phone.

which you might loose Remove any Firstsource confidential Information Pin-up from the workspaces Save client related documents on PC hard disks Access Confidential information without business need  Change Screen Saver Settings Firstsource © 2007 | confidential | May 20. 2012 | 9 .Clear Desk & Clear Screen Policy Don’ts      Pin-up any confidential information or client data in the workspace Write or make notes on any piece of paper.

Any loose paper left unattended on desk will be shredded without any warning.Data Security          All Documents should be labeled. Clear boards and charts after any meeting. high confidential documents are shredded immediately after use. Restaurants. 2012 | 10 . Firstsource © 2007 | confidential | May 20. Should not share other’s ID / Passwords User is accountable to all activities done on Firstsource systems using his / her ID’s Avoid discussing sensitive and confidential information in open workspaces and public places like: Airports. Restrooms. Elevators. user should always contact Helpdesk. Ensure all confidential. User should ensure they have unique and identifiable ID and passwords for all applications they might use for their official work Should promptly follow the password policies of Firstsource and where applicable those of client In case of Login trouble to any application.

Firstsource © 2007 | confidential | May 20. Do not use Firstsource e-mail for non-business-related purposes.        Do not respond to spam e-mail or forward it to others. use caution when creating rules to avoid discarding important messages. Turn off the Microsoft Outlook preview pane before deleting spam messages. internet resources  Unacceptable use of Firstsource resources includes any activity which is: - illegal inappropriate which take up excessive time or company resources.Acceptable use of email. Be judicious of the websites you access and never browse a site that contains inappropriate material. Delete spam without opening. Do not request removal from the spammer's distribution list. even if this option is offered. 2012 | 11 .

Hacking etc. Some examples are:  All physical Security Incident should be reported to Local F&S Helpdesk. 2012 | 12 . Unauthorized distribution of information.com  All HR related Incidents should be reported to HR Helpline on 6666 Firstsource © 2007 | confidential | May 20. Sometimes a security weakness precedes an incident Theft. IT related.security@firstsource. Unauthorized physical access. contact your supervisors or India BPO BCP Team  All Information Security Incidents should be reported to Centralized Technical Support Desk on 5555 & or Send email to Information. Physical security access control failure. Policy related etc. Misuse/tampering with information. Event could be physical. Violence or Riots.  For BCP related Queries . Virus outbreak.Incident Reporting What is a security incident?  Any   event that compromises CIA of information.

2006 Stage 1 Audit (Document Review) – June 6/7. 2006 Firstsource © 2007 | confidential | May 20.Important dates to remember    Pre-Assessment Audit – June 1/2. 2012 | 13 .2006 Certification Audit – June 13/14.

BSE: 532809. UK.com) . Firstsource provides customized business process management to global leaders in the Banking & Financial Services.THANK YOU Firstsource (NSE: FSL. Argentina and Philippines. Telecom & Media and Healthcare sectors. Reuters: FISO. Its clients include Fortune 500 Financial Services.firstsource. Telecommunications and Healthcare companies. Bloomberg: FSOL@IN) is a global provider of BPO (business process outsourcing) services headquartered in India. US. (www.BO. Firstsource has a global delivery model with operations in India.

Sign up to vote on this title
UsefulNot useful