Information Security Policy
BU Soft Tech is committed to delivering products and services to its customers that comply with all their quality, security and other applicable requirements, and to continually improving the system. The following certifications from the ISO body reassert the quality and security standards we maintain for our services:
a. ISO 9001:2015 – 2015 Quality Management System Certification from International Organization for Standardization (ISO)
b. ISO 27001:2013 – Information Security Management System (ISMS) based on ISO/IEC 27001 Standard laid out by International Organization for Standardization (ISO)
We have laid out our security controls and standards to protect the information assets of customers and other stakeholders from all threats and vulnerabilities, both internal and external, at all times. Our customers can rest assured that we maintain the confidentiality, integrity and availability of their information assets. The following are some of the measures and controls we have in place to protect our data and operations:
- Taking appropriate measures to ensure the security of information assets and to maintain the levels of confidentiality, integrity and availability necessary to support the operation of the business.
- Fostering customer confidence by implementing IT & HR policies and processes that comply with the requirements of ISO 27001, the International Information Security Management System standard.
- Continually improving the ISO 27001 compliant Business Management System through the establishment and regular review of measurable security objectives at relevant functions and levels of the organization.
- Setting security objectives as part of the annual business planning and budgeting process, and ensuring progress against these is reviewed as part of regular Business Management System Action Group meetings.
- Committing to comply with business and legal regulatory requirements and contractual security obligations.
- Providing systems for protection against unauthorized access and ensuring confidentiality of data.
- Developing, implementing, and testing a disaster recovery and business continuity plan.
- Creating processes to identify and review the risks, threats, vulnerabilities and the impact of breaches on protected information, relating to the company’s information security assets.
- Communicating all relevant security policies to customers, employees and other interested parties.
- Regularly reviewing the Business Management System, to ensure its continuing suitability, as part of the annual management review process.
- Every change and new feature is governed by a change management policy to ensure all application changes are authorized before implementation into production.
- Our Software Development Life Cycle (SDLC) mandates adherence to secure coding guidelines, as well as screening of code changes for potential security issues with our code analyzer tools, vulnerability scanners, and manual review processes.
- Continuously educating and training our employees on the standards and policy changes we implement as part of continuous improvement.