Overview
|Highlights
| Disaster Recovery Measures | IPR
Protection
Aricent has a well-managed Strategic Outsourcing Service
process in place for developing and maintaining business continuity
in offshore projects to counteract interruptions to Aricent
business activities and to protect critical business processes
from the effects of major failures or disasters. Aricent has
a comprehensive Business Continuity Plan (BCP) based on ISO
17799 Business Continuity Management. The objective of this
plan is to continue critical offshore projects business operations
by minimizing the duration of a serious disruption to operations
and resources. The BCP further establishes management succession
and emergency powers and details preventive, recovery and
back-up strategies for timely offshore projects service restoration.
The following exhibit brings out Aricent-BCP methodology:
 |
 |
| Aricent Business Continuity
Plan Methodology |
For ensuring adequate protection of client-provided hardware
and software tools in offshore projects, Aricent's Security
Policy has Physical Security norms defined. The objective
of this initiative is to prevent unauthorized access, damage
and adverse interference to information assets by controlling
ID badges, visitors, restricted areas, clear desk, mail room
and emergency planning. Aricent has defined and segregated
its premises as (1) Aricent Site Space (2) Aricent Public
Space (3) Aricent Internal Space (4) Aricent Restricted Space.
All client-provided assets in offshore projects are kept in
the restricted space and access to this space is restricted
to a specifically authorized group of people.
Aricent has done a lot of path breaking work in the area of
Information Security to counteract interruptions to Aricent's
business activities in offshore projects and to protect critical
business processes from the effects of major failures or disaster.
Some of the innovative endeavors, taken in offshore projects
and other lines of businesses are mentioned in the following
points:
- Steps like insulation of computing and communication network
and geographically isolated facility augmented with comprehensive
guidelines and processes governing Computers and Network
Security ensure the security of IT resources in offshore
projects
- An in-house Information Security Organization, headed
by Aricent Chief Ethics / Security Officer is responsible
for developing, updating and communicating information on
Security Policy and implementation procedures in offshore
projects
- To ensure that information assets receive an appropriate
level of protection, Asset Classification and Control mechanism
classifies these assets into four classes-Aricent/Client
Confidential, Aricent Classified, Restricted and Un-restricted.
There exist guidelines defining the classification system
and ensuring review, update and audit of the system for
compliance
- Under the Personnel Security gamut, we have guidelines
for employee-responsibilities, training and incident reporting.
Users at Aricent sign non-disclosure agreement and information
security policy at the time of joining Aricent, at the start
of every year, at time of joining of a new sensitive project
and also at the time of resigning. To prevent unintentional
leakage of client-specific intellectual property, we ensure
non-overlapping teams with cool-off period for movement
of key personnel
These are just some of the well-documented steps, Aricent
diligently follows to ensure conformance to ISO 17799
Code of Practice for Information Security in all its projects
including offshore projects.
Last updated :
October 31, 2006
|
