Information Security Management System (ISMS) Policy
Policy Statement
IFinalyst Consulting and Technology LLP (“IFinalyst”), engaged in on-demand and project-based services including business research, market research, financial modeling, and investment banking support, is committed to safeguarding its information assets against all forms of threats, whether internal or external, deliberate or accidental.
The organization ensures the confidentiality, integrity, and availability of information while complying with all applicable legal, regulatory, statutory, and contractual obligations, including global data protection requirements. In alignment with ISO/IEC 27001, IFinalyst has established, implemented, and continually improves an Information Security Management System (ISMS) to manage sensitive information systematically and ensure business continuity.
Protection of Information Assets
IFinalyst is committed to protecting all information assets, whether physical or digital, against unauthorized access, disclosure, alteration, or destruction. Appropriate security controls are implemented to ensure that sensitive business and client information remains secure at all times.
Compliance
IFinalyst ensures adherence to all applicable legal, regulatory, and contractual requirements. This includes compliance with relevant data protection laws such as the Digital Personal Data Protection Act, 2023 (India), General Data Protection Regulation (GDPR), and other applicable frameworks, as well as client-specific confidentiality and security obligations.
Risk Management
IFinalyst follows a structured approach to identify, assess, and manage information security risks. Risks are continuously evaluated, and appropriate controls are implemented to mitigate potential threats. This approach ensures resilience, protects critical assets, and supports business continuity.
Incident Management
IFinalyst maintains defined procedures to detect, report, and respond to information security incidents. The organization ensures that incidents are managed promptly to minimize impact, investigate root causes, and implement corrective actions to prevent recurrence.
Access Control
Access to information is strictly controlled based on business requirements. IFinalyst follows the principles of least privilege and need-to-know, ensuring that only authorized personnel have access to sensitive information and systems.
Continuous Improvement
IFinalyst is committed to the continual improvement of its ISMS. The system is regularly reviewed through internal audits, management reviews, and performance evaluations to ensure its effectiveness in addressing evolving security risks and technological changes.
Training and Awareness
IFinalyst promotes a strong information security culture by conducting regular training and awareness programs. Employees and relevant stakeholders are educated on their responsibilities and best practices to ensure the protection of information assets.
Third-Party Security
IFinalyst ensures that all third-party vendors, contractors, and partners who access or process information adhere to its security requirements. Appropriate contractual agreements and controls are established to maintain the confidentiality and integrity of shared information.
Data Privacy and Protection
IFinalyst adopts a privacy-focused approach to data processing, ensuring that information is handled lawfully, fairly, and transparently. Adequate safeguards are implemented to protect personal and sensitive data in compliance with applicable data protection laws.
Leadership Commitment
The management of IFinalyst is fully committed to supporting the ISMS by allocating necessary resources, defining clear responsibilities, and fostering a culture of accountability and security awareness across the organization.
Scope and Applicability
This policy applies to all employees, consultants, contractors, and third-party service providers associated with IFinalyst. It covers all information assets that are owned, processed, stored, or transmitted by the organization.
Commitment
IFinalyst is dedicated to maintaining a robust Information Security Management System that protects its information assets, enhances client trust, ensures secure and reliable service delivery, and supports long-term business sustainability.