task4


Documented operating procedures

12.1.1. Purpose
The purpose of Blue Frontier Company's documented operating procedures is to
ensure the protection of company, client, and consumer data. These procedures
are designed to minimize the risk of security breaches, prevent legal or business
continuity implications, and demonstrate a commitment to safeguarding
valuable information.
12.1.2 Scope
The scope of Blue Frontier's documented procedures covers both hosted and on-
premises data systems, as outlined in their GDPR Statement. As an ISO
27001:2013 accredited organization, Blue Frontier has established technical and
organizational measures that exceed the requirements under the GDPR
regulation, providing stakeholders with confidence in the responsible handling of
data.
12.1.3 Policy
• Under the GDPR, Blue Frontier acts as both a data controller and a data processor for its clients. It collects login credentials (passwords, IP addresses, cookies), contact details (name, address, email), and browsing and navigation history. This information is used to improve the user experience on the website and to notify customers about news, deals, and products.
• Blue Frontier may disclose contact information when required by law, or in order to identify, contact, or take legal action against anyone causing harm. Comments and their metadata are retained indefinitely so that follow-up comments can be approved automatically. Customers can ask for their personal data to be exported or erased, except for information that must be kept for administrative, legal, or security purposes.

Access control policy


9.1.1. Purpose
Blue Frontier has implemented access control policies to protect its premises and
data systems. The purpose of these policies is to minimize the risk of
unauthorized access, data breaches, and ensure the security of company, client,
and consumer information.
9.1.2 Scope
Blue Frontier's access control techniques encompass both logical and physical security measures.
Physical access control: the building's entrance is protected by a shutter, the premises are monitored around the clock, and an alarm system is active. Multiple levels of key-based access control, including registered key holders and restricted key access, limit entry to the building.

9.1.3 Policy
• Building Security: To prevent unauthorized access, the building's entrance is protected by a shutter, and the premises are constantly monitored and covered by an alarm system.
• Key-Based Access Control: Entry to the building is controlled by keys. Keys are issued only to registered key holders, ensuring restricted access to the building.

Secure disposal or re-use of equipment


11.2.7. Purpose
Blue Frontier Company's Secure Disposal or Reuse of Equipment policy is
designed to manage the correct treatment of equipment, prioritizing data
security and preventing unauthorized access to confidential information. This
policy focuses on the secure disposal or reuse of equipment, considering both
physical safety and data protection. It aims to minimize data breach risks and
safeguard the privacy of company, client, and customer data.
11.2.8 Scope
This policy addresses the secure disposal or reuse of all physical and unattended
user equipment at Blue Frontier, with the aim of managing and safeguarding
data stored on these devices. The policy's implementation aims to preserve the
integrity of the company's information security management system and adhere
to data protection regulations as per ISO/IEC 27001:2013 certification
requirements.
11.2.9 Policy
• Building Security: To prevent unauthorized access, the building's entrance is protected by a shutter, and the premises are constantly monitored and covered by an alarm system.
• Key-Based Access Control: Entry to the building is controlled by keys. Keys are issued only to registered key holders, ensuring restricted access to the building.
• Data Access Restrictions: Access to data on internal systems is limited according to business need. Users are granted access only to the data required for their roles.
• Individual User Passwords: To improve security and accountability, every user is given a unique password to access the system.
• Firewall Protection: The network is protected by a managed and monitored hardware firewall. Every machine also has software firewalling enabled to block unwanted access.
Inventory of assets
8.1.1. Purpose
Keeping an asset inventory is crucial for safeguarding private and corporate data
as well as for making sure regulations, rules, and data protection laws are
followed. The ability to identify and manage assets in accordance with corporate
objectives and risk strategies is made possible by an asset inventory, which is
essential to security management.

8.1.2 Scope
Names, addresses, phone numbers, and other personally identifiable information
that can be used to identify specific people are included in the inventory. This
information was gathered during business operations and service delivery. The
inventory comprises a detailed list of all the assets that the company possesses.
These include physical assets like cars, office furniture, and hardware, as well as
intangible assets like digital resources and software licenses.
8.1.3 Policy
• Blue Frontier gathers contact details, identifying information, and internet usage data from clients, acting as both a data controller and a data processor.
• It uses this information to notify customers about news, deals, and products, while ensuring that data protection laws are followed and the website is optimized.
• Blue Frontier has achieved ISO 27001:2013 certification, exceeding the technical and organizational measures mandated by the GDPR.
• To safeguard data, it has put in place organizational and technical measures such as firewalls, logging/monitoring systems, anti-malware software, key-based access control, round-the-clock monitoring, and unique user passwords.

Contact with authorities


6.1.5 Purpose
• Data Protection Compliance: To guarantee adherence to data protection laws such as the GDPR, Blue Frontier works with organizations such as the Information Commissioner's Office (ICO).
• Regulatory Engagement: To ensure compliance with legal requirements and security standards, regulatory engagement may involve contacting authorities and asking for advice, recommendations, or referrals regarding data processing services.
• Security Measures: Blue Frontier's cooperation with law enforcement shows its dedication to upholding organizational and technical safeguards that go above and beyond legal requirements, including its ISO 27001:2013 accreditation, to preserve compliance and secure data.
6.1.6 Scope
ISO 27001 Compliance: Blue Frontier's engagement with authorities aligns with
their ISO 27001:2013 accreditation, demonstrating a commitment to exceeding
the technical and organizational measures required by this standard and
regulatory bodies like the ICO.
GDPR Compliance Manual: The company has internal consultants who have
created a GDPR compliance manual, acting as an addendum to ISO27001:2013,
containing additional policies and records in line with GDPR requirements.
Data Controller and Processor Responsibilities: Blue Frontier acts as both a data
controller and data processor for clients, necessitating contact with authorities to
ensure compliance with data protection regulations and seek assurances from
processors regarding data security measures.

6.1.7 Policy
• Policy Term: Available for one, two, or three years with various Sum Insured options.
• Coverage: Includes in-patient hospitalization, pre-hospitalization, post-hospitalization, room rent, ICU charges, road ambulance, day care procedures, and cataract treatment.
• Co-payment: Subject to a 30% co-payment for all claims.
• Benefits: Coverage for outpatient consultations, no pre-insurance medical screening, coverage for pre-existing diseases after one year, and tax benefits under Section 80-D of the Income Tax Act 1961.

Information security policy for supplier relationships


12.1.1 Purpose
• Data Security: The protection of backup information aims to ensure the security and integrity of data backups to prevent data loss, maintain business continuity, and safeguard against potential threats such as data breaches or system failures.
• Compliance: Ensuring the protection of backup information aligns with regulatory requirements, such as GDPR, ISO 27001, and other data protection standards, to maintain compliance and protect sensitive data.
• Risk Mitigation: By safeguarding backup information, Blue Frontier can mitigate risks associated with data loss, unauthorized access, or system disruptions, enhancing the resilience of its data management practices.
12.1.2 Scope
• ISO 27001 Compliance: Blue Frontier's ISO 27001 certification demonstrates its commitment to implementing technical and organizational measures to protect backup information and exceed the standards required by this certification.
• Technical Measures: The company employs multiple layers of physical and logical security measures to protect backup information, including key-based access control, 24/7 monitoring, unique user passwords, anti-malware systems, firewalls, and logging/monitoring systems.
• Data Protection Policies: Blue Frontier has established policies and procedures to prevent leakage, loss, alteration, or damage of acquired personal information, including backup data, and to take corrective measures as required to maintain the security and integrity of backup information.
12.1.3 Policy
• Blue Frontier's company policies are subject to intermittent amendment and cover various aspects such as privacy, cookies, and terms & conditions.
• These policies are regularly reviewed, and individuals are encouraged to reach out to learn more about the company's services and how they can benefit their business.
• Blue Frontier, as an ISO 27001:2013 accredited organization, exceeds the technical and organizational measures required under GDPR regulations.
• It has internal consultants who have created a GDPR compliance manual that acts as an addendum to ISO 27001:2013, containing additional policies and records in line with GDPR requirements.
• The company has multiple layers of physical and logical security in place, including key-based access control, 24/7 monitoring, unique user passwords, anti-malware systems, firewalls, and logging/monitoring systems.
Protection of backup information

9.1.2 Purpose
The purpose of protecting backup information at Blue Frontier includes:
• Ensuring data security and integrity through organizational and technical measures aligned with ISO 27001:2013 standards and GDPR compliance.
• Emphasizing cyber resilience by implementing secure backups, monitoring data risks, reducing data exposure, and facilitating faster restoration of business operations.
• Providing features such as air-gapped, immutable, and access-controlled backups to protect against cyber threats such as ransomware and insider attacks.
• Maintaining data integrity, preventing data loss, and ensuring business continuity by implementing robust security measures and compliance standards.
9.1.3 Scope
The scope of protecting backup information at Blue Frontier includes:
• Implementing organizational and technical measures aligned with ISO 27001:2013 standards and GDPR compliance to ensure data security and integrity.
• Emphasizing cyber resilience through secure backups, monitoring data risks, reducing data exposure, and facilitating faster restoration of business operations.
• Providing features such as air-gapped, immutable, and access-controlled backups to protect against cyber threats such as ransomware and insider attacks.
• Maintaining data integrity, preventing data loss, and ensuring business continuity by implementing robust security measures and compliance standards.
• Aligning data protection efforts with their focus on sustainability, efficiency, and innovation in air conditioning technology.

9.1.4 Policy
• Implementing organizational measures aligned with ISO 27001:2013 standards and GDPR compliance to ensure data security and integrity.
• Emphasizing cyber resilience through secure backups, monitoring data risks, reducing data exposure, and facilitating faster restoration of business operations.
• Providing features such as air-gapped, immutable, and access-controlled backups to protect against cyber threats such as ransomware and insider attacks.
• Maintaining data integrity, preventing data loss, and ensuring business continuity by implementing robust security measures and compliance standards.
• Aligning data protection efforts with their focus on sustainability, efficiency, and innovation in air conditioning technology.

Mobile device policy


12.1.1 Purpose
• Data Security: The mobile device policy establishes guidelines for accessing corporate data on both company-owned and personal devices, emphasizing security measures and compliance requirements to safeguard data and IT infrastructure.
• Compliance: The policy ensures compliance with regulatory standards and educates end users on acceptable use, data protection measures, and management standards to protect sensitive data and uphold legal requirements.
• Risk Mitigation: By implementing a robust mobile device policy, Blue Frontier mitigates the risk of unauthorized access to corporate data, ensures data encryption, and enables remote wipe capabilities to protect sensitive information in case of loss or theft.
12.1.2 Scope
• Acceptable Use: The policy outlines expectations for employees using their devices to interact with corporate data, emphasizing the importance of keeping apps up to date, enabling encryption, and refraining from accessing illicit or proprietary content.
• Authentication and Access Controls: Strict access controls such as strong passwords and biometric authentication are enforced to reduce the risk of unauthorized access. Conditional access tools ensure devices comply with specific criteria and enforce authentication requirements.
• MDM Enrolment: Mobile Device Management (MDM) tools are used to centrally enforce security policies, including remote device wipe, configuration management, and app distribution for all mobile devices in the organization.
12.1.3 Policy
• Blue Frontier's company policies are subject to intermittent amendment and cover various aspects such as privacy, cookies, and terms & conditions.
• These policies are regularly reviewed, and individuals are encouraged to reach out to learn more about the company's services and how they can benefit their business.
• GDPR Statement:
  • Blue Frontier, as an ISO 27001:2013 accredited organization, exceeds the technical and organizational measures required under GDPR regulations.
  • It has internal consultants who have created a GDPR compliance manual that acts as an addendum to ISO 27001:2013, containing additional policies and records in line with GDPR requirements.
  • The company has multiple layers of physical and logical security in place, including key-based access control, 24/7 monitoring, unique user passwords, anti-malware systems, firewalls, and logging/monitoring systems.
User access management
9.1.2 Purpose
User access management at Blue Frontier covers several aspects of ensuring secure and efficient access to resources. It involves setting permission guardrails, starting from broad permissions and moving towards least privilege through fine-grained access controls. Blue Frontier manages workload and workforce identities across AWS accounts, granting temporary security credentials for workloads and workforce access using IAM Identity Center. Additionally, Blue Frontier analyses access, validates IAM policies, and continually refines permissions towards least privilege, ensuring comprehensive visibility and control over permissions for any identity and resource in AWS.
9.1.3 Scope
• Setting permission guardrails, starting from broad permissions and moving towards least privilege through fine-grained access controls
• Managing workload and workforce identities across AWS accounts, granting temporary security credentials for workloads and workforce access using IAM Identity Center
• Analysing access, validating IAM policies, and continually refining permissions towards least privilege, ensuring comprehensive visibility and control over permissions for any identity and resource in AWS
9.1.4 Policy
• Setting permission guardrails, starting from broad permissions and moving towards least privilege through fine-grained access controls
• Managing workload and workforce identities across AWS accounts, granting temporary security credentials for workloads and workforce access using IAM Identity Center
• Analysing access, validating IAM policies, and continually refining permissions towards least privilege, ensuring comprehensive visibility and control over permissions for any identity and resource in AWS
• Focusing on implementing the principle of least privilege by granting only the necessary permissions to users and resources
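The "validate IAM policies and refine towards least privilege" step above can be made concrete with a small guardrail check. The following is an added example, not Blue Frontier's own tooling: it walks the Allow statements of an IAM policy document and reports grants that are broader than least privilege (full wildcards, service-wide wildcards such as `s3:*`, prefix wildcards, and NotAction/NotResource forms). The bucket name and policy contents are constructed for the example.

```python
"""Least-privilege guardrail check for AWS IAM policy documents (added example)."""
import json

SEVERITY_ORDER = {"high": 3, "medium": 2, "low": 1}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _finding(sid, severity, issue):
    return {"sid": sid, "severity": severity, "issue": issue}


def find_broad_grants(policy_doc):
    """Return findings for every Allow statement that is broader than least privilege."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they never widen a grant
        sid = stmt.get("Sid", f"Statement[{idx}]")
        # NotAction / NotResource allow everything except what is listed
        if "NotAction" in stmt:
            findings.append(_finding(sid, "high", "NotAction allows every action except those listed"))
        if "NotResource" in stmt:
            findings.append(_finding(sid, "high", "NotResource allows every resource except those listed"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(_finding(sid, "high", "Action '*' allows every API call"))
            elif action.endswith(":*"):
                findings.append(_finding(sid, "medium", f"service-wide wildcard action {action}"))
            elif "*" in action:
                findings.append(_finding(sid, "low", f"prefix wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(_finding(sid, "high", "Resource '*' applies to every resource in the account"))
    return findings


def highest_severity(findings):
    """Worst severity among the findings, or None when the policy is clean."""
    return max((f["severity"] for f in findings), key=SEVERITY_ORDER.get, default=None)


# Constructed sample: a broad starting guardrail, the kind of grant to refine away.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "StartingGuardrail", "Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}""")

# Constructed sample: refined towards least privilege; the bucket name is a placeholder.
REFINED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadBackupBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]},
    {"Sid": "DenyUnencryptedTransport", "Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("refined", REFINED_POLICY)):
        result = find_broad_grants(doc)
        print(name, highest_severity(result), json.dumps(result, indent=2))
```

The check is intentionally structural: it cannot tell whether a narrowly scoped grant is still more than a role needs, so it complements, rather than replaces, the access analysis the policy describes.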

Return of assets
9.1.2 Purpose
The purpose of Return of assets at Blue Frontier includes maximizing return while
managing downside risk through their Core Strategies. These strategies are
designed to provide long-term capital appreciation via equity markets with
moderate volatility, seeking to grow the value of assets while favouring active
management to moderate expected downside risk. Blue Frontier's Core
Strategies aim to offer a risk-managed foundation for portfolios, ensuring
consistent performance in ever-changing markets and maximizing investor
success while minimizing downside risk.
9.1.3 Scope
The scope of return of assets at Blue Frontier includes maximizing return while
managing downside risk through their Core Strategies. These strategies are
designed to provide long-term capital appreciation via equity markets with
moderate volatility, seeking to grow the value of assets while favouring active
management to moderate expected downside risk. Blue Frontier's Core
Strategies aim to offer a risk-managed foundation for portfolios, ensuring
consistent performance in ever-changing markets and maximizing investor
success while minimizing downside risk.
9.1.4 Policy
The policy of Return of assets at Blue Frontier includes maximizing return while
managing downside risk through their Core Strategies. These strategies are
designed to provide long-term capital appreciation via equity markets with
moderate volatility, seeking to grow the value of assets while favouring active
management to moderate expected downside risk. Blue Frontier's Core
Strategies aim to offer a risk-managed foundation for portfolios, ensuring
consistent performance in ever-changing markets and maximizing investor
success while minimizing downside risk.

Removal of assets
9.1.2 Purpose
The search results do not contain any information about the purpose of removal
of assets at Blue Frontier. The results focus on Blue Frontier's services related to
cyber security, cloud migration, and air conditioning technology. There is no
mention of asset removal or divestment.

9.1.3 Scope
The scope of removal of assets at Blue Frontier is not directly provided in the search results. The information available focuses on Blue Frontier's terms and conditions, privacy policies, GDPR compliance, cyber security services, and sustainability campaigns. There is no specific mention of the scope of asset removal within the context of Blue Frontier's operations.
9.1.4 Policy
The search results do not contain any information about Blue Frontier's policy regarding removal of assets. The results focus on Blue Frontier's terms and conditions, privacy policies, GDPR compliance, cyber security services, and sustainability campaigns. There is no specific mention of any policy related to asset removal or divestment within the context of Blue Frontier's operations.

Secure development environment


9.1.2 Purpose
• Ensuring the security of web applications and websites by protecting them against cyber threats
• Identifying weaknesses or holes in web applications that could be targets for hackers, through vulnerability assessments and penetration testing
• Providing real-time resolution for any application vulnerabilities and recommending ways to remediate them
• Conducting web application vulnerability testing on a schedule to identify issues in a fast-changing threat landscape and proactively fix them before exploitation
9.1.3 Scope
• Ensuring the security of web applications and websites by protecting them against cyber threats
• Identifying weaknesses or holes in web applications that could be targets for hackers, through vulnerability assessments and penetration testing
• Providing real-time resolution for any application vulnerabilities and recommending ways to remediate them
9.1.4 Policy
• Ensuring the security of web applications and websites by protecting them against cyber threats
• Identifying weaknesses or holes in web applications that could be targets for hackers, through vulnerability assessments and penetration testing
• Providing real-time resolution for any application vulnerabilities and recommending ways to remediate them
• Conducting web application vulnerability testing on a schedule to identify issues in a fast-changing threat landscape and proactively fix them before exploitation

Teleworking
9.1.2 Purpose
• Allowing new starters to begin their employment with the company while working remotely
• Promoting work-life balance and reducing commuting-related carbon emissions
• Utilizing video conferencing and virtual collaboration tools to minimize the need for travel
9.1.3 Scope
• Allowing new starters to begin their employment with the company while working remotely
• Promoting work-life balance and reducing commuting-related carbon emissions
• Utilizing video conferencing and virtual collaboration tools to minimize the need for travel
• Providing technical support and ensuring smooth operation of VPNs and necessary programs for remote work
9.1.4 Policy
• Allowing new starters to begin their employment with the company while working remotely
• Promoting work-life balance and reducing commuting-related carbon emissions
• Utilizing video conferencing and virtual collaboration tools to minimize the need for travel
• Providing technical support and ensuring smooth operation of VPNs and necessary programs for remote work

Identification of applicable legislation and contractual requirements


9.1.2 Purpose
The purpose of Identification of applicable legislation and contractual
requirements at Blue Frontier includes ensuring compliance with legal, statutory,
regulatory, and contractual requirements related to information security. This
process involves understanding and maintaining compliance with various laws,
regulations, and contractual obligations that specify requirements related to the
appropriate management and protection of information. Blue Frontier aims to
have a clear understanding of its obligations at any given time and be prepared
to adapt its information security practices in accordance with its role as a
responsible data handler.
9.1.3 Scope
• Understanding and maintaining compliance with various laws, regulations, and contractual obligations related to information security.
• Ensuring that the organization identifies and manages the relevant legislative, statutory, regulatory, and contractual requirements in its information security policy document.
• Potentially requiring additional evidence beyond a statement in the policy, such as a separately defined list of laws or communication from the legal department, depending on the organization's specific context and requirements.
9.1.4 Policy
The policy of Identification of applicable legislation and contractual requirements
at Blue Frontier includes ensuring compliance with various laws, regulations, and
contractual obligations related to information security. This involves identifying
and managing the relevant legislative, statutory, regulatory, and contractual
requirements in their information security policy document. Blue Frontier aims to
maintain transparency and integrity by adhering to all applicable laws,
regulations, and industry standards, conducting business with honesty, integrity,
and fairness, and establishing robust systems for risk management, internal
controls, and accountability to ensure responsible management of resources and
assets.
Management direction for information security
9.1.2 Purpose
The purpose of Management direction for information security at Blue Frontier
includes ensuring compliance with various laws, regulations, and contractual
obligations related to information security. This involves identifying and
managing the relevant legislative, statutory, regulatory, and contractual
requirements in their information security policy document. Blue Frontier aims to
maintain transparency and integrity by adhering to all applicable laws,
regulations, and industry standards, conducting business with honesty, integrity,
and fairness, and establishing robust systems for risk management, internal
controls, and accountability to ensure responsible management of resources and
assets.
9.1.3 Scope
• Ensuring compliance with various laws, regulations, and contractual obligations related to information security.
• Identifying and managing the relevant legislative, statutory, regulatory, and contractual requirements in the information security policy document.
• Maintaining transparency and integrity by adhering to all applicable laws, regulations, and industry standards, conducting business with honesty, integrity, and fairness, and establishing robust systems for risk management, internal controls, and accountability to ensure responsible management of resources and assets.
9.1.4 Policy
• Ensuring compliance with various laws, regulations, and contractual obligations related to information security.
• Identifying and managing the relevant legislative, statutory, regulatory, and contractual requirements in the information security policy document.
• Maintaining transparency and integrity by adhering to all applicable laws, regulations, and industry standards, conducting business with honesty, integrity, and fairness, and establishing robust systems for risk management, internal controls, and accountability to ensure responsible management of resources and assets.
