Information Security Policy

Effective Date: 01 Sep 2025

Purpose

The purpose of this Policy is to safeguard information belonging to Manodayam Pvt Limited,(herein referred to as Manodayam) within a secure environment.

This Policy informs Manodayam’s staff, clients, and other individuals entitled to use Manodayam facilities, of the principles governing the holding, use and disposal of information.

 

It is the goal of Manodayam that:

  • Information is protected against unauthorized access or misuse.
  • Confidentiality of information is secured.
  • Integrity of information is maintained.
  • Availability of information/information systems is maintained for service delivery.
  • Business continuity planning processes are maintained.
  • Regulatory, contractual and legal requirements are complied with.
  • Physical, logical, environmental and communications security are maintained.
  • Infringement of this Policy may result in disciplinary action or criminal prosecution.
  • When information is no longer of use, it is disposed of in a suitable manner.
  • All information security incidents are reported to the CTO and investigated through the appropriate management channel.
 

This policy covers Information relating to:

  • Electronic information systems (software, computers, and peripherals) owned by Manodayam, whether deployed or accessed on or off campus.
  • Manodayam’s computer network used either directly or indirectly.
  • Hardware, software and data owned by Manodayam.
  • Paper-based materials.
  • Electronic recording devices (video, audio, CCTV systems).
  • Information related to customers / client.

Policy

Manodayam requires all users to exercise a duty of care in relation to the operations and use of its information systems.

Authorised users of information systems

With the exception of information published for public consumption, all users of Manodayam information systems must be formally authorized by appointment as a member of staff. Authorized users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person. Our “password policy” section in the Manodayam Access Control policy, describes these principles in greater detail.

 

Authorized users will pay due care and attention to protect Manodayam information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of the following:

• Permission of the information owner
• The risks associated with loss or falling into the wrong hands
• How the information will be secured during transport and at its destination.

Acceptable use of information systems

Use of Manodayam ’s information systems by authorized users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people. The detail of acceptable use in specific areas may be found in the list of subsidiary policies detailed in the Appendix.

Information System Owners

Manodayam ’s CTO, who is responsible for information systems, is required to ensure that:

• Systems are adequately protected from unauthorized access.
• Systems are secured against theft and damage to a level that is cost- effective.
• Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity).
• Electronic data can be recovered in the event of loss of the primary source.
• i.e. failure or loss of a computer system. It is incumbent on all system owners to backup data and to be able to restore data to a level commensurate with its importance (Disaster Recovery).
• Data is maintained with a high degree of accuracy.
• Systems are used for their intended purpose and that procedures are in place to rectify discovered or notified misuse.
• Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers and freedom of information acts.

Personal Information

Authorized users of information systems are not given rights of privacy in relation to their use of Manodayam information systems. Duly authorized officers of Manodayam may access or monitor personal data contained in any Manodayam information system (mailboxes, web access logs, file-store etc).

Breach of Policy

Individuals in breach of this policy are subject to disciplinary procedures at the instigation of the CTO with responsibility for the relevant information system, including referral to the Police where appropriate.

Manodayam will take legal action to ensure that its information systems are not used by unauthorized persons.

Ownership

The CTO of Manodayam has direct responsibility for maintaining this policy and providing guidance and advice on its implementation.

Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence.