IT Policy

Purpose


The purpose of this Information Technology (IT) Policy is to establish guidelines and procedures for the management, security, and compliance of IT systems, data, and infrastructure within PJ Credit Capital Private Limited. This policy is developed in accordance with the guidelines provided by the Reserve Bank of India (RBI) and is designed to safeguard the confidentiality, integrity, and availability of IT resources while ensuring compliance with regulatory requirements.

Scope


This IT Policy applies to all employees, contractors, and third-party vendors who access, use, or maintain PJ Credit Capital Private Limited IT resources, including but not limited to computers, networks, data, applications, and related infrastructure.

The Board, on behalf of the Company, lays down the criteria for the Information Technology Policy. The guidelines in respect of the Information Technology Policy in the Company broadly include the following:


I. Basic security aspects such as physical/logical access controls and a well-defined password policy;


The Board of the Company shall keep in mind the access granted to each individual and the controls thereupon.

User Account Management

  • User access to IT resources shall be based on job roles and responsibilities.
  • Access to critical systems and data shall be reviewed and granted with appropriate approvals.
  • User account access shall be revoked immediately upon employee termination or change in responsibilities.


Password Management

  • Strong password policies shall be enforced.
  • Passwords shall be periodically changed.
  • Multi-factor authentication (MFA) shall be implemented for sensitive systems.


The Company shall have an integrated system in place to safeguard the data.

Data Classification

  • Data shall be classified as per its sensitivity (e.g., confidential, sensitive, public).
  • Access controls and encryption shall be applied based on data classification.


Data Encryption

  • Data at rest and data in transit shall be encrypted, as appropriate.


Data Backup

  • Regular data backups shall be conducted and tested.
  • Backup copies shall be stored securely.


Security Incidents

  • Procedures for reporting and responding to security incidents shall be in place.
  • An incident response team shall be established.
  • Breach notifications to relevant authorities shall be made in accordance with RBI guidelines.

II. A well-defined user role:


Well-defined user roles are essential to ensure that individuals within the organization have appropriate access, responsibilities, and privileges based on their job functions. Each user role shall be well-defined to maintain security, compliance, and efficiency.

The company shall prevent reliance on a single or a small number of individuals to perform specific tasks. It is essential to establish a clear delegation of authority for the ability to modify user profiles, permissions, and key business parameters, such as interest rates, which shall be properly documented.


III. A Maker-checker concept to reduce the risk of error and misuse and to ensure reliability of data/information:


The Maker-Checker concept is employed to mitigate the risk of errors and misuse, enhancing the reliability of data and information. This approach involves one person (the “Maker”) creating or modifying a record, while another person (the “Checker”) reviews and verifies the accuracy and integrity of the work before it is finalized or implemented.

IV. Information Security and Cyber Security:


Information security is a broader concept that encompasses the protection of all forms of sensitive data and information within an organization. It includes not only digital data but also physical documents, intellectual property, and information in transit. The primary goal of information security is to safeguard the confidentiality, integrity, and availability of data. Key components of information security include:

  • Data Classification: Identifying and categorizing data based on its sensitivity and importance.
  • Access Control: Implementing measures to restrict access to data based on user roles and permissions.
  • Data Encryption: Encrypting data to protect it from unauthorized access or interception.
  • Physical Security: Protecting physical assets, like servers, data centers, and paper documents.
  • Incident Response: Developing plans and procedures to address and mitigate security incidents.
  • Policies and Procedures: Establishing guidelines and protocols for data protection.


Cyber security is a subset of information security that specifically focuses on safeguarding an organization’s digital assets and systems from cyber threats and attacks. It deals with the protection of networks, computer systems, and the data they contain. Cyber security measures are essential to defend against a wide range of threats, including malware, ransomware, phishing, hacking, and more. Key components of cyber security include:

  • Firewalls and Intrusion Detection/Prevention Systems: Implementing security tools to monitor and filter network traffic.
  • Endpoint Security: Protecting individual devices (e.g., computers, smartphones) from malware and unauthorized access.
  • Email and Web Security: Safeguarding email systems and web traffic from phishing and other online threats.
  • Vulnerability Management: Identifying and addressing weaknesses in systems and software.
  • Security Awareness Training: Educating employees about safe online practices and recognizing threats.
  • Penetration Testing and Ethical Hacking: Testing systems for vulnerabilities through controlled hacking attempts.
  • Cyber Incident Response: Preparing for and responding to cyber incidents, including data breaches.

V. Requirements as regards Mobile Financial Services, Social Media and Digital Signature:


Mobile Financial Services and Information Security:

Companies already using or planning to implement Mobile Financial Services shall establish a framework for safeguarding the information assets utilized by mobile applications to serve customers. The technology employed for mobile services shall guarantee confidentiality, integrity, authenticity, and incorporate end-to-end encryption to ensure the security of transactions and customer data.

Social Media Risks:

Companies leveraging Social Media for marketing purposes need to be well-prepared to address the risks and threats associated with this platform. Given that Social Media is susceptible to issues like account takeovers and the distribution of malware, organizations shall implement robust controls, such as encryption and secure connections, to effectively mitigate these risks.

Digital Signatures:

A Digital Signature Certificate serves to electronically authenticate an entity’s identity, enhancing the security of online transactions and preserving the privacy of information exchanged. Companies may consider the adoption of digital signatures to safeguard the authenticity and integrity of crucial electronic documents, as well as to ensure the security of high-value fund transfers.

VI. System generated reports for Top Management summarizing financial position including operating and non-operating revenues and expenses, cost benefit analysis of segments/verticals, cost of funds, etc.


The company’s IT function is responsible for supporting a robust and comprehensive Management Information System (MIS) tailored to the specific needs of the business. An effective MIS shall cater to information requirements at all organizational levels, including top management.

The company shall implement an MIS that aids top management and business heads in decision-making and provides oversight over the operations of different business units. With a well-established IT infrastructure, the company shall include the following components in its system-generated MIS:

  • Implementation of a system that identifies and classifies Special Mention Accounts and Non-Performing Assets (NPAs), along with the generation of relevant MIS reports.
  • The MIS shall support product pricing, particularly for substantial loans, by providing relevant data and analysis.
  • Financial reports, encompassing both operating and non-operating revenues and expenses, cost-benefit analyses for different segments or verticals, the cost of funds, and regulatory compliance at the transaction level, shall be part of the MIS.
  • It shall also capture and manage regulatory requirements and ensure compliance with them.


In essence, the company’s IT function plays a pivotal role in establishing a versatile MIS that empowers decision-makers at all levels and ensures efficient oversight and compliance across various business functions.

VII. Adequacy to file regulatory returns to RBI (COSMOS Returns):

The Company shall be accountable for determining the necessary actions in response to reported observations and recommendations during compliance assessments. In order to establish an effective framework for compliance, it is essential to define the following:

  • Responsibilities for Compliance: Clearly outline the roles and responsibilities of individuals and departments responsible for ensuring compliance with regulatory requirements and the management of compliance-related issues.
  • Sustenance of Compliance: Describe how ongoing compliance with regulations and guidelines will be sustained, maintained, and monitored. This may involve continuous monitoring, audits, and internal controls.
  • Reporting Lines: Define the reporting structure for compliance matters, including how and to whom compliance reports shall be submitted. Specify the channels through which compliance issues shall be communicated within the organization.
  • Timelines for Submission of Compliance: Establish clear timelines for the submission of compliance reports, reviews, and corrective actions. Timely reporting and resolution of compliance issues are crucial to mitigate risks.

VIII. A BCP policy duly approved by the Board ensuring regular oversight of the Board by way of periodic reports (at least once every year):

It is imperative that the policy be formally approved by the Board of Directors. It shall also undergo a regular review, either annually or in response to significant changes in the existing IT environment that could impact policy and procedures. This review shall be carried out by the Chief Information Security Officer (CISO), and the updated policy shall be presented to the Board for reapproval.

Furthermore, the company shall conduct an extensive risk assessment of its IT systems at least annually. This assessment shall involve an analysis of potential threats and vulnerabilities to the company’s IT assets, as well as an evaluation of existing security controls and processes. The primary objective of this exercise is to identify and understand the risks inherent in the IT environment and to determine the requisite level of controls for effective risk mitigation.

By following this process, the company can ensure that its IT systems are subject to regular and rigorous risk assessments, that controls are adjusted as necessary, and that the Board maintains oversight of this critical aspect of information security.

IX. Arrangement for backup of data with periodic testing:


Regular backups of all data shall be created and periodically tested to ensure the preservation and integrity of the data. All records shall be stored on a day-to-day basis in the company’s centralized electronic record software database.


PJ Credit Capital Private Limited, established in 1989, is a well-functioning Non-Banking Financial Institution classified as non-deposit taking and registered with the Reserve Bank of India.

(CIN: U65929MP1989PTC005292)

Copyright © 2023 PJ Credit Capital