Information Security Management relates to all types of information, be it paper-based, electronic or other. It determines how information is processed, stored, transferred, archived and destroyed.
A secure information management system is one, which ensures:
- Confidentiality: so that only those who are authorized to see the information have access to it
- Integrity: so that the accuracy and completeness of the information is safeguarded by robust sourcing, processing, updating and storage processes
- Availability: so that authorized users have access to information and associated assets, in the required forms, when they need it.
JBA Information Security Management is about the protection of information assets from potential security breaches. It starts with reviewing risks, setting policies, processes and controls, and by implementing them throughout the organization.
A key inhibitor to India as a leading software outsourcing destination is concern over Intellectual Property Protection (IP).
JBA addresses these concerns on a number of levels and throughout the company adheres to the highest systems of security management. At a corporate governance level JBA was accredited ISO 27001 in August 2006, by BSI (British Standards Institute).
In addition to complying with ISO 27001, from a corporate perspective we address security on three levels:
- Individual card and pin access for all employees
- Biometric security on server rooms
- Hardware/software installation is strictly monitored
- Personal PCs/storage devices forbidden
- All staff subject to security background checks
- Employees commit to IP protection
- Individuals, upon customer request, sign NDA’s
- Individual staff at JBA is encouraged to act with integrity and responsibility when it comes to IP protection.
- We educate employees on JBA’s security compliances and JBA’s Change Management Policy.
- We actively encourage that IP protection is practiced and implemented.
In addition to ISO 27001 and the cultural, legal and operational security measures, we work with customers to provide additional security as required. We offer a range, adaptable to individual needs:
- Basic Security i.e. Controlled access throughout facility, firewall and anti-virus protection, regular backup and offsite storage, and non-use of portable media.
- Enhanced Security i.e. Virtual private networks between the customer and JBA and maintain a networks and confidentiality agreements with each developer.
- Advanced Security i.e. A separate controlled access workspace, separate physical networks and additional background checks for each developer.
- And finally, as a pure software service company, we remove any potential conflict of interest with our customers’ business.