The overall objective of eDocs, towards Information Security, is to ensure protection of its Information Systems against damage/ destruction, unauthorized disclosure and changes, whether accidental or deliberate. The eDocs provides management directive for information security and recommends appropriate security controls that need to be implemented to maintain and manage the information security in eDocs. The specific Information Security Objectives of eDocs are:
- To identify the value of information assets and to understand the vulnerabilities & threats that may expose the information assets to risk, through a periodic risk assessment exercise.
- Manage the identified risks to an acceptable level through the design, implementation and maintenance of a formal Information Security Management System (ISMS).
- To comply with applicable legal, statutory, regulatory and contractual obligations pertaining to Information Security, be it for its own data or customer data held by eDocs
- To implement sufficient controls to minimize loss of eDocs information, data and other resources due to fraudulent activities.
- To define the requirements for continual improvement of ISMS.