VisionX Technologies Pvt Ltd is committed to protect its information assets by deploying information security controls that minimize the impact of security incidents. The purpose of this policy is to demonstrate (a) management commitment and (b) create, maintain and continually improve information security) within the company and customer services.
This policy applies to whole VisionX by setting security objectives, management commitments, and defining roles and responsibilities.
The leadership and management of VisionX are committed to preserve the availability, confidentiality and integrity of the physical and information assets we store, process or communicate on behalf of our staff, suppliers, clients and partners.
It is essential that our customers at any time trust us to handle their data in a correct and secure manner. This is why, security must be viewed as a part of our DNA and a prerequisite for the company to be able to function and be competitive. We strongly believe that information security is essential to maintain the company competitive edge, as well as its legal, regulatory and contractual compliance.
VisionX management is committed to create, maintain and continually improve the Information Security Management System. We shall adhere to recommended ISMS practices in compliance with ISO-27001-2013, to deliver company services while fulfilling information security expectations of our customer.
VisionX aims to achieve certain information security (IS) objectives that are developed in accordance with its business objectives and the context of its operations. These IS objectives are achieved by certain controls, which addressed by VisionX policies.
Specific information security objectives are as follows:
The VisionX strategic business plan and risk management framework provides the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of a security program. The risk assessment and risk treatment plan identify how information-related risks are controlled.
Information and information security requirements will continue to be aligned with company goals by management of information-related risks to acceptable levels, and is intended to be an enabling mechanism for information sharing, electronic operations, and innovation.
VisionX has established a compliance team led by Information Security Officer and consists of representatives from various departments and top management. This team monitors, manages, and continually improves the information security posture of VisionX and periodically review policies. In particular this team is responsible for implementing all the requirements from this policy and reporting the performance to top management.
VisionX also has a security team that analyze organizational context to enable informed decisions and manage security related processes. This team helps to maintain business continuity and contingency plans. Control objectives for each business areas are supported by specific documented policies and procedures.
The Chief Risk Officer (CRO) is responsible for the management and maintenance of the overall risk management framework. Detailed risk assessments, where necessary, are carried out by individual departments to determine appropriate controls for specific risks.
Violation of the security rules may result in sanctions towards employees in accordance with HR rules and procedures. Towards business partners, suppliers, and their employees, the sanction can be imposed in accordance with signed agreements.
VisionX reserves the right to detect and investigate any external or internal attempts of unauthorized access to the company information assets or attempts to prevent its systems from functioning appropriately. VisionX will evaluate all such attempts with a view to potential police reports and legal consequences.
VisionX information security policies are subject to continuous, systematic review and improvement. This policy will be reviewed at least annually or when there are significant changes to the business or risk treatment plan. Incremental reviews are performed whenever there is significant change in information services, systems, architecture, or infrastructure.
Chief Information Security Officer & Managing Director April 8th, 2021