Information Security Management

ISO/IEC 27001- This framework is the foundation for Zensar’s information security management system (ISMS). Information Security Management System Policy – We at Zensar Technologies Ltd and Professional Access, a division of Zensar are committed to protect the information assets of all our interested parties, providing information security awareness to all associates and to ensure continual improvement in information security in all our business activities/processes while meeting applicable business, legal or regulatory and customer requirements through regular review of our Information Security Management System.

Information Security objectives -

• Protection of customer information

• Protection of information assets belonging to the company

• To provide confidence to business partners and customers where information needs to be shared

• Compliance - ISMS as business enabler by implementing all applicable ISMS controls

The top management of Zensar defines roles and responsibilities and appointed dedicated Information Security team, in implementing this Policy and achieving the objectives, to ensure that:

• Requirements of its interested parties are understood

• Developing policies, procedures, guidelines and provide awareness to users for implementation of the same.

• Establishing an effective Information Security Management System within the organization.

• Roles and responsibilities are assigned with appropriate authority to achieve information security objectives

• Information is accessible and available only to those authorised to have access, whenever required

• Safeguarding the accuracy and completeness of information and processing mechanisms

• Review of information security and IT risks within a defined risk management framework in which risks are identified and appropriate risk treatment controls implemented and documented

• Operating and maintaining an established Information Security Management System within the organization and demonstrating confidence to our customer(s) that their most valuable assets are secured.

• Establish and implement necessary Incident response procedure to timely address any incidents taking place.

• Providing a secure working environment for all our associates working for Zensar and Professional Access, a division of Zensar

• Timely tested and maintained business continuity and disaster recovery plans for critical IT resources.

• Evaluate the performance and effectiveness of the information security management system

• Regular review of ISMS and take timely corrective actions; and

• Identify opportunities for continuous improvements in ISMS

Certifications/compliances in Information Security and Data Privacy

• ISO27001:2022 Certification

• SSAE18 SOC1 Type II, SOC2 Type II and SOC3 attestation reports

• Data Privacy compliance to General Data Protection Regulation (GDPR), Protection of Personal Information (POPI), California Consumer Privacy Act (CCPA), Indian IT Act section 43A