Every company has implemented Information Technology in their environment to speed up their production, communication and sales. It has increased the productivity of every company year by year. New technologies have made life easy. These days company’s business has no boundary because once you type www. XYZ .com, your company and its service is available 24*7. If you are giving the quality along with good price, your product has demand. Not only this, people are ready to invest in your company, as your profit figures roll their eye balls.
But the flip side is it has increased the responsibility of the all the levels of management. It has also increased new threats for production, communication and sales. It has increased threats about confidentiality, integrity and availability. It has increased a threat about your existence.
Traditional crimes have worn a new dress of technology. This means crimes are same but what has changed is way of committing crime, tools and methods. Crimes like hacking, data didling, data theft, copyright/ trademark/ patent infringement, defamation have taken place. Employees either with negligence or without knowledge or with intention are committing crimes. This has affected directly to the per share price of the company and company’s Goodwill. Investors are taking out their money for a simple reason that their money is not secure in such companies. Directors are attending court dates because they are either not aware of such crimes or they are negligent.
Then what exactly directors are signing in the Annual Report? How can management give the assurance to the investors that their money is safe and the management is trying its level best to achieve the trust of the investors? Because when you sign, automatically you are responsible for what you have said.
Let’s assume that in one company there is a cyber crime committed by an internal employee. In the Court of Law, the question may be raised by the Hon’ble judge or the defendant that whether the employee was aware or trained by the employer about what he was doing in his network or the consequences of the actions of employees. If the answer is No, then the management needs to answer as to why their employees are not trained. This is shows the careless attitude of the management and reduces the chances of winning the law suit. If the employees is trained and aware of what he was doing by using company’s IT infrastructure, then the intention is proved directly and the management‘s chances of winning the law suit will increase. The same thing is applied in case of Insurance claim.
Under the Information Technology Compliance, it is the duty of the senior management to protect the assets of the company which also include the IT infrastructure. It is said that the principle of ‘Due Care’ and ‘Due Diligence’ needs to be followed. And for that, action speaks more than words.
Government of India has in their Information Technology (Amendment) Act, 2008 inserted Section 43(A) which requires organizations to implement and maintain reasonable security practices and procedures for possessing, dealing and handling sensitive personal data or information.
IQSPL helps companies to take the first step and to comply with these two principles and follow the procedure given by the Indian Information Technology (Amendment) Act, 2008. IQSPL conducts a one day program of “IT Laws and Employee Awareness and Protection” followed by certification exam. In this seminar, we discuss the dos and don’ts for employees; we make them aware of the IT Laws of the country. To make sure that they have understood the IT laws and their responsibility towards using company’s assets, we conduct objective type, scenario based exam. The employees are given the certificate of attendance and participation from IQSPL.
This reduces the burden of the management, employees and investors. This reduces the business risks and helps to achieve the business objective with minimum efforts.