
ISO / IEC 27001 Practices Alignment Statement

Wytmode Cloud Private Limited

Created Date: September 15, 2025

Last Reviewed Date: September 15, 2025



1. Introduction and Scope

Wytmode Cloud Private Limited (“Wytmode”, “we”, “our”, or “us”) maintains an Information Security Management System (ISMS) that is designed and operated in alignment with the international standard ISO/IEC 27001:2022. While Wytmode is not yet certified under ISO/IEC 27001, our governance structures, policies, and operational controls are built to meet its requirements and to ensure the confidentiality, integrity, and availability of all information entrusted to us.

This statement applies to all Wytmode services, platforms, internal systems, and corporate operations, including technology infrastructure, product development, HR and workforce activities, financial and legal operations, procurement, and customer support. It summarizes the way we govern security, manage risks, implement controls, and continuously improve our information security practices.


2. ISMS Framework and Objectives

Wytmode’s ISMS provides a structured, risk-based framework for identifying, assessing, and addressing information security risks throughout the information lifecycle. Our security objectives are established by senior leadership and reviewed at regular intervals to ensure alignment with strategic goals, contractual obligations, and regulatory requirements. These objectives are embedded into operational practices, with measurable outcomes used to assess effectiveness. The ISMS is integrated with enterprise risk management so that security risk decisions are made in context and are properly resourced and owned.


3. Governance and Leadership

Information security is governed at the highest levels of Wytmode’s leadership. Senior management approves policies, allocates resources, and oversees the implementation of security controls. Roles and responsibilities for information security are clearly documented and communicated, binding employees, contractors, and relevant third parties. Decision-making is supported by cross-functional collaboration between engineering, product, legal, HR, finance, and operations teams. This ensures that security is embedded into day-to-day processes and product development rather than treated as an afterthought.


4. Scope of ISMS

The scope of our ISMS covers all people, processes, and technologies under Wytmode’s control that are used to design, build, deliver, and support our services. It includes development pipelines, production and staging environments, corporate devices, cloud infrastructure, data repositories, and identity systems. Where suppliers manage infrastructure on our behalf, contractual and technical controls ensure alignment with our ISMS requirements. Client-owned environments fall outside our direct operational scope, but our contractual arrangements ensure security is appropriately addressed.


5. Risk Management and Control Selection

We operate a documented methodology for risk assessment that considers assets, threats, vulnerabilities, and business impacts. Risks are evaluated using standardized likelihood and impact criteria and are tracked to closure with defined owners and milestones. Control selection is guided by ISO/IEC 27001:2022 Annex A, supplemented with practices from other frameworks where appropriate. The results of assessments are reported to leadership and reviewed regularly to adapt to changes in business and technology environments.


6. Policies and Organizational Controls

Wytmode has implemented a comprehensive framework of policies covering information security, acceptable use, access control, encryption, vulnerability management, secure development, incident response, business continuity, asset management, supplier security, and data protection. Policies are approved by management, regularly updated, communicated to staff, and enforced through detailed standards and operating procedures. Exceptions are risk-assessed, time-bound, and formally approved by management to maintain accountability.


7. Human Resources Security and Awareness

Security begins with people. Wytmode conducts background checks where legally permissible, requires confidentiality agreements, and ensures role-based access provisioning during onboarding. Training in security and privacy best practices is mandatory for all personnel and provided regularly thereafter. Specialized training is given to engineers, administrators, and other roles with higher risk responsibilities. When employees leave or change roles, access is revoked immediately, and company devices are returned or securely wiped.


8. Asset and Data Management

Information assets, including data, source code, devices, and configurations, are inventoried, classified by sensitivity, and assigned owners. Handling rules are applied based on classification levels, ensuring that sensitive or regulated information receives appropriate protection. Data retention schedules prevent over-retention, and secure disposal processes ensure that information is destroyed in a manner that prevents recovery.


9. Access Control and Identity Management

Access to systems and data is based on the principles of least privilege and need-to-know. Strong authentication and role-based access controls are enforced, with multi-factor authentication mandatory for administrative or sensitive accounts. Privileged access is tightly controlled and monitored, and regular reviews ensure appropriateness. All privileged activities are logged and subject to oversight.


10. Cryptography and Secure Operations

Data is protected with industry-standard encryption both in transit and at rest. Keys are managed through documented procedures covering creation, rotation, storage, and revocation. Cryptographic practices are reviewed regularly to remain aligned with evolving standards and regulatory expectations. Operational controls include secure configuration baselines, vulnerability scanning, patch management, and segregation of environments. Change management processes ensure that updates are tested, peer-reviewed, and deployed securely.


11. Monitoring, Incident Management, and Resilience

Security-relevant events are logged centrally and analyzed through automated monitoring systems. Alerts are triaged and handled using documented runbooks. Incident response processes cover identification, containment, eradication, recovery, and post-incident review. High-severity incidents trigger executive involvement and, where necessary, notifications to regulators or affected parties.

Business continuity and disaster recovery plans ensure resilience against disruptions. These include resilient system architectures, secure backups with periodic testing, and recovery objectives tailored to service tiers. Plans are tested regularly, and lessons learned are used to strengthen future readiness.


12. Vendor and Supplier Management

Third-party vendors, including cloud and infrastructure providers, undergo due diligence to evaluate their security certifications, compliance with contractual requirements, technical safeguards, and incident management capabilities. Contracts impose confidentiality, breach notification, and audit cooperation obligations. Vendors are periodically reassessed, and corrective actions are enforced where issues are identified. International transfers of information are safeguarded using approved contractual mechanisms such as Standard Contractual Clauses.


13. Continuous Improvement and Certification Roadmap

The ISMS is subject to periodic internal audits, management reviews, and continual improvement initiatives. Audit results, risk reports, incidents, and legal updates are reviewed by leadership to ensure the ISMS remains effective and aligned with ISO/IEC 27001. Security awareness programs, testing exercises, and cultural reinforcement ensure accountability across the organization.

Wytmode’s roadmap includes completing readiness assessments and engaging an accredited certification body for a staged certification audit. Until certification is achieved, assurance is provided through this statement, internal audits, and independent testing engagements with client oversight. Once certified, Wytmode will maintain compliance through surveillance audits and ongoing enhancements.


14. Updates and Contact

This statement is reviewed periodically and updated to reflect organizational, technological, and regulatory changes. The effective date at the top of this document indicates the current version.

For questions or requests for further information, please contact:

Wytmode Cloud Private Limited
#63, H Colony, 2nd Main, 1st Stage, Indira Nagar
Bengaluru, Karnataka, India – 560038
Phone: (+91) 8884557972

Email: legal@wytmode.com



Closing Statement

This ISO/IEC 27001 Practices Alignment Statement demonstrates Wytmode’s commitment to adopting industry-leading information security practices. While certification is pending, our ISMS is structured to meet ISO/IEC 27001:2022 requirements and reflects our dedication to safeguarding information assets, managing risk, and building trust with clients, employees, partners, and regulators.