ISO 27001 Certified Security Process

We understand that IP (Intellectual Property) protection is a key concern in outsourcing. We have put a lot of focus on developing a world-class outsourcing security program and undergoing a rigorous certification process to ensure best-in-class security protection to our clients. Our Information Security Management System (ISMS) complied with industry’s highest information security management standards recognised by ISO/IEC 27001 accreditation.

IMT’s ISO 27001:2013 evaluation process was conducted by DAS Certification, an UK company. This thorough assessment included multiple rounds of audits to verify both IMT’s compliance to defined ISMS policies and procedures, as well as implementation and institutionalization across all areas of the company’s business. On the on-going basis, IMT will receive annual surveillance audits from DAS Certification.

We address security in infollowing areas:

• Asset management - inventory and classification of information assets
• Human resources security - security aspects for employees joining, moving and leaving the company
• Physical and environmental security - protection of the computer facilities including camera covers all entrances, software installation control, PC and laptop control, removable device control…
• Communications and operations management - management of technical security controls in systems and networks
• Access control - restriction of access rights to networks, systems, applications, functions and data such as individual access control card, lab restrict access control, user access right control…
• Information security incident management - anticipating and responding appropriately to information security breaches
• Business continuity management - protecting, maintaining and recovering business-critical processes and systems
• Compliance - ensuring conformance with information security policies, ISO 27001:2013 standard, laws and regulations