12.1.1 Identification of Applicable Legislation
All the relevant statutory, regulatory and contractual requirements are explicitly defined for each information system. Netmagic abides by the rules and regulations laid down for different information systems as stated below:
a. Communication links: As per requirements of relevant regulatory authorities
b. OS and Hardware: As per regulations laid down by different vendors
c. Applications and software tools: The terms and conditions as laid down by the vendors
12.1.2 Intellectual property rights (IPR)
Copyright
Netmagic complies with the legal restrictions on the use of material in respect of which there are intellectual property rights, such as copyright, design rights and trademarks. We at Netmagic do not make illegal copies of proprietary material. Only licensed software is used within Netmagic.
Software Copyright
Netmagic abides by the license agreements of proprietary software products that limit the use of the products to specific machines and limit copying to the creation of back-up copies only. The following controls are in place:
a. Appropriate asset records are maintained to keep track of all the licenses and software being used organisation-wide.
b. The software has built-in controls to ensure that the maximum number of users permitted is not exceeded.
c. Netmagic complies with the terms and conditions of the software and information obtained from public networks.
d. All the software in use is licensed; for example, every desktop and server has been delivered along with the pre-installed operating system and licenses.
NETMAGIC takes all steps to protect its IPR as well as the customer IPR wherever applicable. Each NETMAGIC employee, at the time of joining NETMAGIC, has to sign a confidentiality agreement that prohibits him from disclosing proprietary information of NETMAGIC and its customer in any manner. Further, the employee is also restricted from disclosing proprietary information of the customer even after he has resigned from NETMAGIC. Similarly, all sub-contractors, vendors, consultants or any third parties exposed to any information that is confidential in nature have to sign the NETMAGIC standard NDA.
12.1.3 Safeguarding of organizational records
Important records of the organization are well protected from loss and destruction. Some records are securely maintained to meet statutory or regulatory requirements, as well as to support essential business activities.
12.1.4 Data Protection and Privacy of Personal Information
Netmagic complies with the legal norms for customer data protection and abides by the spirit of privacy of personal information, to the extent deemed necessary.
12.1.5 Prevention of misuse of information processing facilities
The information processing facilities of an organization are provided for business purposes. A proper ‘rules of behavior and acceptable use policy’ is in place that clearly states that the use of information facilities by an employee should be for business purposes only. Each Netmagic employee has to follow this policy. Rules of behavior and acceptable use training is imparted to every employee, and they sign the acceptance of the same. Any abuse will be dealt with in accordance with the disciplinary rules of Netmagic.
12.1.6 Regulation of cryptographic controls
At Netmagic we use cryptographic encryption wherever necessary. We comply with applicable regulation standards on the use of cryptographic controls.
12.1.7 Collection of evidence
Rules for evidence
At Netmagic all records are maintained to conform to the rules for evidence laid down by applicable regulation.
Admissibility of evidence
To achieve admissibility of the evidence, Netmagic ensures that its information systems comply with standard practices. Transaction/event logs of servers and mail logs are backed up and suitably protected to prevent modification/destruction.
Quality and completeness of evidence
To maintain the quality and completeness of all evidence and records, regular audits are conducted. Best practices that are well defined and documented are inculcated into our systems. These processes and activities are audited periodically.
12.2 Reviews of security policy and technical compliance
To ensure compliance of systems with organizational security policies and standards, the security of information systems is regularly reviewed.
12.2.1 Compliance with security policy
The managers ensure that all the security procedures within their area of responsibility are carried out correctly. All the areas within the organization are considered for regular reviews to ensure compliance with security policy.
12.2.2 Technical compliance checking
Information systems are regularly checked for compliance with the security implementation standards. Technical compliance checking involves the examination of operational systems to ensure that hardware and software controls have been correctly implemented. A technical team comprising qualified system engineers will perform a technical compliance check of the systems implemented at least once every year. The outcome of the compliance check will be the basis for future actions to improve the existing systems.
12.3 System Audit Consideration
12.3.1 System Audit Controls
Audit requirements and activities involving checks on operational systems are carefully planned and agreed to minimize the risk of disruption to business processes. The scope of the checks and the audit requirements are agreed and controlled with appropriate management.
12.3.2 Protections of System Audit Tools
All the scripts running on Netmagic servers are properly protected: only the superuser has the right to modify and execute them, and they are kept in an access-restricted directory. All the network-auditing tools are under the control of the network administrator and thus are well protected.