IT Security and System Policy

GE3S understands and recognizes the importance of “information” to its business operations and hence is committed to provide its customers, stakeholders, business partners & employees a secure information processing environment. GE3S intends to achieve security of its information assets based on the three founding principles of Information Security – Confidentiality, Integrity & Availability. Optimum security will be accorded to information assets by classifying them based on their business value and risk exposure. GE3S thus will ensure the privacy of company, customer, stakeholder, business partner & employee information, by protecting it against unauthorized access, disclosure and/or loss. GE3S endeavors to continuously and proactively manage risk to its information at an acceptable level through the design, implementation and maintenance of an effective Information Security Management System (ISMS) that adopts industry best practices & standards. The ISMS so developed will comply with the requirements of the local and international laws and regulatory requirements.

It is the policy of GE3S to prohibit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of this information. In addition, it is the policy of GE3S to protect information belonging to third parties that has been entrusted to GE3S in a manner consistent with its sensitivity as well as in accordance with all applicable agreements.

The principles that shall be followed to secure the information are as follows:

• Securing of information based on the three founding principles of Information Security - Confidentiality, Integrity & Availability, to facilitate appropriate sharing of information across the organization.
• Ensuring the privacy of Organization, customer, stakeholder, business partner & employee information by suitable protection of the information and its information processing infrastructure against threats, both internal and external.
• Continuously and proactively monitoring and managing the risks based on the GE3S’s risk appetite.
• Maintaining an effective Information Security Management System (ISMS) which adopts leading industry standards and best practices to ensure the security of information by providing a framework of learning & innovation and by challenging existing practices and introducing new processes and practices.
• Ensuring that all the government laws and regulatory requirements of local authorities are complied.
• Reviewing and aligning the Information Security Policy with GE3S’s business objectives and communicate the changes (if any) to all concerned on a regular basis.

The Security Policy will be reviewed independently once a year or earlier if circumstances require. It will be published and communicated to all employees and relevant external parties and any non-conformity will be addressed to ensure compliance.