ISO/IEC 27001

ISO/IEC 27001 Compliance Policy for Digitised Renewables Energy Tech Pvt. Ltd.

Our latest security audit report (August 2023) is available here.

1. Introduction

Digitised Energy recognizes the paramount importance of information security in today's digital landscape. As a provider of B2B SAAS solutions in the energy sector, we are entrusted with sensitive data from our clients, necessitating robust measures to ensure its confidentiality, integrity, and availability. To underscore our commitment to information security, Digitised Energy adheres to the ISO/IEC 27001 standard, a globally recognized framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This policy outlines our approach to achieving and maintaining ISO/IEC 27001 compliance by proxy through the engagement of sub-processors who themselves are fully compliant with ISO/IEC 27001 standards.

2. Scope

This policy encompasses all facets of Digitised Energy's B2B SAAS product and extends to the entirety of our ISMS, as defined by ISO/IEC 27001. It applies to all employees, contractors, and third-party entities involved in the processing, storage, or transmission of information related to our B2B SAAS product.

3. ISO/IEC 27001 Compliance by Proxy

Digitised Energy acknowledges that while we are directly responsible for the security of our B2B SAAS product and the data it handles, we also rely on the services of sub-processors to fulfill certain functions. To ensure that these sub-processors uphold the same stringent standards of information security that we do, we engage only those who possess valid ISO/IEC 27001 certifications. By leveraging the expertise and resources of ISO/IEC 27001 compliant sub-processors, Digitised Energy extends the compliance umbrella to our B2B SAAS product, thereby reinforcing the integrity of our ISMS.

4. Sub-Processor Selection and Management

  • Selection Criteria: Prior to onboarding any sub-processor, Digitised Energy conducts comprehensive due diligence to evaluate their information security practices, capabilities, and track record. We prioritize selecting sub-processors with a demonstrated commitment to ISO/IEC 27001 compliance.

  • Contractual Obligations: Contracts with sub-processors explicitly stipulate the requirement for adherence to ISO/IEC 27001 standards throughout the duration of their engagement with Digitised Energy. This includes provisions for regular audits, assessments, and compliance reporting.

  • Ongoing Monitoring: Digitised Energy maintains a robust system for monitoring the performance and compliance status of sub-processors. Regular audits and assessments are conducted to verify adherence to ISO/IEC 27001 requirements, with any deviations addressed promptly through corrective action plans.

5. Continuous Improvement

Digitised Energy recognizes that achieving ISO/IEC 27001 compliance is not a one-time endeavor but an ongoing journey of continual improvement. We are committed to regularly reviewing and enhancing our information security practices, policies, procedures, and controls to adapt to evolving threats, technological advancements, and regulatory requirements. This includes soliciting feedback from stakeholders, conducting risk assessments, and implementing lessons learned from security incidents or breaches.

6. Compliance Documentation

Digitised Energy maintains comprehensive documentation pertaining to ISO/IEC 27001 compliance, including but not limited to:

  • ISO/IEC 27001 certificates of compliance for sub-processors

  • Contracts and agreements with sub-processors, outlining security obligations

  • Audit reports, assessments, and compliance documentation related to sub-processors

  • Internal policies, procedures, and guidelines governing information security practices

Access to relevant compliance documentation is provided to authorized personnel and stakeholders upon request, subject to confidentiality and data protection requirements.

7. Compliance Verification

Digitised Energy's sub-processors undergo regular audits and assessments conducted by accredited third-party assessors to validate compliance with ISO/IEC 27001 standards. Additionally, clients may request access to relevant compliance documentation to independently verify our adherence to industry best practices and regulatory requirements. We are committed to transparency and collaboration in ensuring the security and integrity of our B2B SAAS product.

8. Training and Awareness

Digitised Energy recognizes that the effectiveness of our ISMS relies not only on technical safeguards but also on the knowledge, skills, and awareness of our personnel. To this end, we provide regular training and awareness programs on information security best practices, including the principles of ISO/IEC 27001 compliance. All employees, contractors, and relevant stakeholders are equipped with the necessary tools and knowledge to fulfill their roles and responsibilities in safeguarding information assets and maintaining the integrity of our B2B SAAS product.

9. Non-Compliance and Corrective Action

Digitised Energy treats instances of non-compliance with ISO/IEC 27001 standards with the utmost seriousness. Any identified deviations from established policies, procedures, or controls are promptly investigated to determine root causes and underlying issues. Corrective action plans are developed and implemented to address deficiencies and prevent recurrence. Additionally, lessons learned from non-compliance incidents are incorporated into our continuous improvement efforts to strengthen our ISMS and mitigate future risks.

10. Conclusion

By adhering to the principles outlined in this policy and leveraging the expertise of ISO/IEC 27001 compliant sub-processors, Digitised Energy reinforces its commitment to information security excellence. We strive to uphold the highest standards of confidentiality, integrity, and availability in our B2B SAAS product, earning the trust and confidence of our clients and stakeholders. This policy serves as a testament to our ongoing dedication to ISO/IEC 27001 compliance and our relentless pursuit of continuous improvement in information security practices.

This policy is subject to periodic review and updates to reflect changes in regulatory requirements, industry standards, and organizational needs.

Date of Last Revision: 18-May-2024