Information Security Policy

Our commitment to confidentiality, integrity, and availability of information assets.

Information Security Policy Statement – Dharmos

1. Introduction

Dharmos is committed to ensuring the highest level of information security for its clients, partners, employees, and stakeholders. This Information Security Policy provides a framework for maintaining and continually improving the confidentiality, integrity, and availability of information assets.

2. Scope

This policy applies to all employees, contractors, partners, and service providers who have access to Dharmos systems, data, and infrastructure, regardless of their location.

3. Objectives

  • Prevent unauthorized access, disclosure, alteration, and destruction of information.
  • Safeguard client and organizational data through appropriate controls.
  • Ensure compliance with applicable laws, regulations, and industry standards.

4. Security Principles

  • A. Confidentiality – Ensuring that information is accessible only to those authorized.
  • B. Integrity – Safeguarding the accuracy and completeness of information.
  • C. Availability – Ensuring that authorized users have access to information and systems when required.

5. Controls & Measures

  • A. Access Control – Role-based access, MFA, and strict password policies.
  • B. Data Protection – Encryption in transit and at rest, DLP policies, secure backup.
  • C. Network Security – Firewalls, intrusion detection, regular vulnerability scans.
  • D. Endpoint Security – Antivirus, device control, patch management.
  • E. Application Security – Secure coding practices, periodic pen-testing.
  • F. Incident Management – Clearly defined procedures for detection, response, and recovery.

6. Employee Responsibilities

  • Complete mandatory security training.
  • Report any suspected security incidents.
  • Handle all data with appropriate care and diligence.

7. Third-Party Vendors

Third-party service providers must comply with Dharmos’s security policies and are assessed regularly for compliance and risk.

8. Compliance and Governance

Regular internal and external audits are conducted to ensure compliance with ISO/IEC 27001 and other relevant standards.

9. Review & Updates

This policy is reviewed annually and updated as necessary to respond to changes in laws, technology, and business operations.

10. Conclusion

Dharmos considers information security a shared responsibility and is committed to fostering a security-conscious culture across the organization.