Azilen Technologies is committed to protecting the confidentiality, integrity, and availability of all information assets, including personal and sensitive data, in alignment with our strategic business objectives.
We maintain a robust Information Security and Privacy Management System (ISPMS) that complies with Indian regulations, including the Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (DPDP Act), as well as international standards such as ISO 27001 and the General Data Protection Regulation (GDPR) for data related to EU & UK individuals.
Our Senior Management Team and employees pledge to:
- Identify, assess, and mitigate risks to critical information assets through a structured risk treatment plan.
- Drive continuous improvement of the ISPMS to minimize business risks and enhance security and privacy practices.
- Provide resources, training, and awareness programs to protect customer information and safeguard assets.
GDPR Commitment:
For clients, partners, or individuals in the European Union & UK, we adhere to the GDPR by:
- Ensuring lawful processing of personal data with explicit consent or other legal bases.
- Upholding data subject rights, including access, rectification, erasure, restriction, portability, and objection to processing.
- Implementing data protection by design and default in our software development processes.
- Appointing a Privacy Officer to oversee GDPR compliance and act as a point of contact for EU data subjects.
- Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
- Maintaining records of processing activities and ensuring third-party processors comply with GDPR requirements.
Objectives of the Information Security and Privacy Management System:
- Access Control: Restrict information access to authorized individuals, both internal and external.
- Confidentiality, Integrity, and Availability (CIA): Ensure the CIA triad to meet business, regulatory, and GDPR requirements.
- Business Continuity: Establish, maintain, and test business continuity plans for operational resilience.
- Security and Privacy Awareness: Promote awareness through regular training for employees and relevant external parties.
- Incident Management: Report all actual or suspected security and privacy breaches to the Chief Information Security Officer (CISO) and Privacy Officer, with investigation by the Information Security Steering Committee.
- Regulatory Compliance: Comply with Indian data protection laws, GDPR, and other applicable regulations.
- Risk Management: Conduct periodic Information Security and Privacy Risk Assessments and implement controls to mitigate risks.
- Vulnerability Management: Perform regular Vulnerability Assessments and Penetration Testing (VAPT) on critical infrastructure and applications.
- Privacy Protection: Safeguard Personally Identifiable Information (PII) and manage privacy controls per the DPDP Act, GDPR, and other regulations.
Reference:
- Document Name & Number: ISMS SOA V 02 Date 1st March 2025, PIMS SOA V 01 Date 1st March 2025
- Contents: Mapping of ISO 27001:2022 & ISO 27701:2019 Controls and reactive and proactive effectiveness measures
If you have any questions regarding this information, please feel free to get in touch with us at info@azilen.com.
Talk to Our
Consultants
Chat with
Our Experts
Write us
an Email
