Security Policy

The purpose of the Information Security Policy is to provide a means for managing information risks and directives for the protection of all its information assets as well as those of its customers, and those contracted to provide services to Baseel Partners LLP (here in after referred to as ‘ the Company’).

The Company recognizes that information and the associated processes, systems, and networks are valuable assets and that the management of personal data as well as sensitive personal data has important implications for the organization. Through its security policies, procedures, and structure, the company facilitates the secure and uninterrupted flow of information, both within the organization and in external communication.

The company believes that security is an integral part of information sharing essential to the corporate endeavor. This policy is intended to support information security measures throughout the organization.

This policy applies to all the company personnel, contractors, and partners of the company. third party service providers providing hosting services or wherein data is held outside the Company premises shall also comply with this policy.

Note: Baseel Partners LLP and its associated companies (Baseel Limited (UK), Baseel IT Services LLP (India), Baseel IT LLC (Qatar), Baseel Consultancy LLC (Dubai), Deeshaa Limited (Gibraltar), Baseel Solutions Limited (UK), Baseel Arabia Limited(Saudi Arabia)) are in scope.  

The company is committed to protecting the security of itself as well as its customer information and information systems.

The company believes in leadership by ensuring quality as well as information security and remains committed to being the FIRST brand choice of our customers by providing “On-time Every-time Secured services” solutions in Business Process Outsourcing and Information Technology Services. We want to achieve a leading position in our industry by ensuring timely and reliable information security services. Information Security Management is the key of the company to deliver the services with continual improvement and to achieve customer satisfaction.

We will achieve this by:

• In our work for clients, we collect, use, and store a wide range of information including personal information (PI) and sensitive personal information (SPI). In doing so, we must follow these information security principles:
  • Confidentiality- Ensure the information may only be accessed by those who have been authorized because they have a legitimate reason for doing so.
  • Integrity- Maintain the accuracy and completeness of information and ensure only authorized users may edit or delete it.
  • Availability- Ensure information is available to authorized users when it is needed.
• Focusing on new ways of utilizing IT innovation to build products and services for today's dynamic business environment.
• Using all reasonable, appropriate, practical, and effective security measures to protect our important processes and assets to achieve our security objectives.
• Continually examining ways in which we can improve our use of security measures to protect and enhance our business and continual improvement in ISMS.
• Protecting and managing our information assets to enable us to meet our contractual, legal, regulatory, legislative, privacy, and ethical responsibilities, and satisfy applicable IS requirements and legal requirements.
• Providing our clients with continuous process improvements, productivity gains, and improved quality through a combination of domain expertise and technology-driven optimization.
• All company personnel must ensure to follow this policy and protect the security of information assets from unauthorized use, modification, disclosure, or destruction, whether accidental or intentional.

The security of information is the key focus of the Company’s ISO27001 risk assessment and management strategy. Using a risk-based approach to how information assets should be the company must ensure the security of all data held on our systems related to our own business, our clients, as well as our personnel. Having processes that align with identified information assets and their associated risks helps to ensure that systems are in place to provide the level and quality of information security required by the company and as per GDPR requirements.

The company will require each of our personnel and contractors to read and provide acceptance of the Information Security Policy.

Policy compliance review of the Information security policy will be carried out at periodic intervals by internal, and external auditors and findings reported to senior management in addition to management reviews. Internal audits are scheduled quarterly, Management reviews half-yearly, and external reviews annually.

Breaches of this policy and/or security incidents can be defined as events that could result in, loss or damage to the Company or our clients’ information, or an event that is in breach of the Company’s security procedures and policies. All the company personnel, contractors, suppliers, etc. contracted to provide services, which enable the company to carry out its business functions and deliver its services to the end client, have a responsibility to adhere to the policy.

The policy shall be reviewed every year or in case of major security incidents/changes to the risk landscape resulting in major changes to the existing IT environment affecting policy and procedures. The policy changes shall be approved by the Managing Director of the Company. This policy will remain in force until the next review/revision.