Contour Software (IT Department) is certified ISO/IEC 27001
ISO 27001 is the leading international standard certification focused on information security that was developed to help organizations, of any size or any industry, protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System.
Not only does the standard provide companies with the necessary know-how for protecting their most valuable information, but a company can also get certified against ISO 27001 and, prove to its customers and partners that it safeguards their data.
Our Information Security Policy
The information assets of Contour IT are protected from all types of threats, whether internal or external, deliberate, or accidental, such that the confidentiality of information is maintained, integrity of information can be relied upon, availability of information is ensured, and all legal, regulatory, statutory, and contractual obligations are met.
- The Information Security Policy is a high-level document and will implement the suitable and appropriate controls to protect or safeguard the information.
- Information security policy applies to Information Security functions/resources or services from all affiliates of Contour Software.
- All workforce members and third-party vendor’s/Contractors as well as Interested parties who have access to Contour’s Information are required to abide by/adhere to the Information Security Policy, policies, processes, and procedures.
- Failure to comply with the Information Security Policy(s), processes, and procedures will lead to disciplinary action as stated the Employee Handbook(employees), and in accordance with current Electronic Crime Act, 2016.
- Information security education and training/awareness is made available to all employees and third-party vendor’s/Contractors.
- Contour conducts annual assessment or assessment when a solution is launched for security controls to understand applicability, time for implementation, and required investments. Based on the above, exceptions could be obtained, provided, suitable compensatory controls are applied to mitigate the risks in the interim period.
- The Management at Contour is ultimately responsible for the implementation of the Information Security Management System and is committed to continually improvement the information security compliances for the protection and safeguarding of the ISMS under the scope of Contour Software Pvt Ltd.
- The GRC team is responsible for the maintenance, awareness, and assurance of compliance with information security policy/policies, processes, and procedures to all work force members.
- The Manager IT & GRC is responsible for the review and making any changes to the information security policy however the subjected changes will be approved by the Managing Director.