Policies

ITC Federal (ITC) delivers high-quality service delivery to all our customers. Our commitment to our Quality, Service Management, and Informational Security policies detailed below facilitates the integration of key components into all of ITC’s business and management processes to ensure customer satisfaction: risk-based thinking, continual process improvement, and effective IT asset and information security protocols and processes. ITC is proud to be certified in ISO 9001:2015, ISO/IEC 20000-1:2018, and ISO/IEC 27001:2013 and to be appraised at CMMI-DEV Level 3 (v1.3).

 

Quality Policy

ITC Federal (ITC) is a quality-focused company committed to providing our customers with professional services that meet or exceed requirements and expectations. Quality is directly linked to customer satisfaction, and customer satisfaction creates our competitive advantage. Our quality management system ensures that we will achieve corporate and customer objectives and consistently deliver the highest levels of quality in all aspects of our business. It is the duty of our entire staff to ensure that our quality policy is implemented and the needs of the customer are met.

Service Management Policy

ITC Federal’s (ITC) Service Management System (SMS) ensures consistent, high-quality service delivery to all of our customers. Top Management is committed to meeting the requirements of our customers and continually improving the effectiveness of our services and the SMS through adherence to an established Policy for Continual Improvement. An active Management Review Board (MRB) provides oversight and is responsible for establishing policy and objectives as well as annual review for continued suitability.

 

  • Services are delivered by a defined quality, sufficient to satisfy requirements identified from business processes
  • A service catalog was developed and is maintained as a basis for all service delivery and service management activities
  • A corporate service level agreement (SLA), which have been designed, agreed upon, and signed by each service leader is in place and is reviewed periodically to ensure the service meets the customer needs
  • All required processes have been defined, communicated, and improved based on business needs and feedback from all interested parties
  • Roles and responsibilities for each service line have been clearly defined and are identified in the Service Catalog

 

Information Security Management Policy

ITC Federal (ITC) has established an information security policy which is designed to protect the confidentiality, integrity, and availability of systems and information assets that contain ITC information by preventing and reducing the potential impact of security incidents. ITC manages assets and the risks to those assets and maintains an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2013. Computer information systems and networks are an integral part of business at ITC. The company has made a substantial investment in human and financial resources to create these systems. ITC’s policies and directives have been established to ensure that:

  • ITC’s information assets are safeguarded against internal, external, deliberate, or accidental threats.
  • Information assets are protected from unauthorized access
  • Confidential and other information such as Personally Identifiable Information (PII) will be properly maintained and controlled
  • Services and information assets are managed to support their integrity
  • Services that enable the availability of information assets will be managed in accordance with ITC’s services
  • Continuity of Operations Plans and tests are maintained to support the availability and return-to-service of assets in case of unforeseen circumstances
  • Regulatory, legislative, and contractual commitments related to information security are met and supported by methods to capture and review emerging requirements
  • Information Security orientation and training is provided to all employees to reduce the likelihood of security incidents
  • All information security breaches, incidents or events are to be reported directly to ITC immediately.