Information Security Policy 

1. Introduction

Devopstrio Ltd (“we”, “our”, “us”) is committed to protecting the confidentiality, integrity, and availability of all information assets across our operations in the UK, US, and India.

This Information Security Policy outlines the principles, responsibilities, and controls to safeguard company, client, and employee data. 

2. Scope

This policy applies to: 

  • All employees, contractors, and third-party vendors.
  • All information systems, networks, applications, and devices used for company operations.
  • All data processed or stored by Devopstrio Ltd, including client, employee, and partner information.

3. Security Objectives 

  • Protect sensitive and personal data against unauthorized access, disclosure, or loss.
  • Ensure compliance with UK GDPR, EU GDPR, CCPA/CPRA, DPDP Act (India), and other applicable laws.
  • Maintain operational resilience and continuity of IT systems.
  • Promote a security-aware culture across all employees and partners.

4. Governance & Responsibilities

  • Board of Directors: Accountability for overall security strategy.
  • Chief Information Security Officer (CISO) / Security Officer: Responsible for policy implementation, monitoring, and incident response.
  • Employees & Contractors: Must adhere to security policies, report incidents, and maintain confidentiality.
  • Third-Party Vendors: Must comply with contractual security obligations. 

5. Data Classification & Handling

  • Public: Information approved for public disclosure.
  • Internal: Company operational information not for public release.
  • Confidential: Sensitive business, client, or employee information.
  • Restricted/Personal Data: Personally identifiable information (PII) protected under GDPR, DPDP, or other laws.
  • All data must be handled according to its classification, including encryption, access controls, and secure storage.

6. Access Control 

  • Role-based access control (RBAC) ensures employees have access only to necessary information.
  • Strong authentication methods are required (passwords, MFA).
  • Accounts are disabled immediately upon termination or role change.

7. Network & System Security  

  • Firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus tools are deployed.
  • Regular patching and system updates are mandatory.
  • Network traffic is monitored for unusual activity.
  • VPN or secure channels are required for remote access. 

8. Application & Cloud Security 

  • Firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus tools are deployed.
  • Regular patching and system updates are mandatory.
  • Network traffic is monitored for unusual activity.
  • VPN or secure channels are required for remote access. 

9. Incident Management

  • Security incidents must be reported immediately to the Security Officer.
  • Incident response includes identification, containment, eradication, recovery, and post-incident review.
  • Breaches involving personal data are reported to regulators (e.g., the ICO in the UK, the DPDP Board in India) and affected individuals as required.

10. Business Continuity & Disaster Recovery  

  • Critical systems have documented backup and recovery procedures.
  • Regular testing of disaster recovery plans is conducted.
  • Contingency plans ensure minimal operational disruption.

11. Employee Training & Awareness

  • All employees undergo mandatory security awareness and GDPR/DPDP compliance training.
  • Regular refresher courses and updates are provided. 

12. Third-Party Security 

  • Vendors must sign Security and Data Processing Agreements.
  • Vendor risk assessments are conducted before engagement.
  • Periodic audits ensure continued compliance. 

13. Physical Security 

  • Company offices and server rooms have controlled access.
  • Visitors are logged and escorted.
  • Equipment containing sensitive data is securely stored and disposed of. 

14. Monitoring & Auditing

  • Continuous monitoring of systems, networks, and logs.
  • Regular internal and external audits of security controls.
  • Policy compliance is enforced through disciplinary action if breached.

15. Policy Review

  • This policy is reviewed annually or after significant changes to law, operations, or security threats.
  • Updates are communicated to all employees and relevant stakeholders. 


16. Contact

For security-related concerns or to report an incident:

Devopstrio Ltd – Security Office 

UK Office: 128 City Road, London, EC1V 2NX.

US Office: 522 Aventura Dr, Mt Juliet, Tennessee - 37122.

India Office:

  • Embassy Golf Links Business Park, Bengaluru, Karnataka.
  • Primus Building, Door No. SP – 7A, Guindy Chennai, Tamil Nadu.
  • Rajeev Nagar, Pasuvanthanai, Thoothukudi, Tamil Nadu.

🌐 Website: www.devopstrio.co.uk