Cyber Security Policy

The purpose of this cyber security policy is to provide guidelines and procedures to ensure the confidentiality, integrity, and availability of the organisation's information systems and data. All employees, contractors, and third-party vendors must follow this policy to protect the organisation's assets from unauthorised access, disclosure, modification, or destruction.

• All access to the organisation's information systems and data must be authorised and approved by the appropriate management personnel.
• Passwords must be complex, changed regularly, and not shared with anyone else.
• Multi-factor authentication must be used for all sensitive data and systems.

• All data must be classified based on its sensitivity and confidentiality level.
• Encryption must be used for all data in transit and at rest.
• Regular backups must be performed to ensure data availability in case of a disaster or breach.
• Data retention policies must be followed as per the regulatory requirements.

• Firewall and Intrusion Detection Systems must be installed and updated regularly.
• Network segmentation must be implemented to isolate critical assets from the public network.
• Remote access must be secured using VPN and access controls.
• Wireless networks must be secured with strong passwords and encryption.

• All security incidents must be reported immediately to the appropriate management personnel.
• An incident response plan must be in place to handle any security incidents.
• Regular security testing and vulnerability assessments must be conducted to identify any potential risks and threats.

• All employees, contractors, and third-party vendors must undergo a background check and security awareness training.
• Access to sensitive data and systems must be based on the principle of least privilege.
• Employees must be required to sign a confidentiality agreement.

• This policy must comply with all applicable laws, regulations, and industry standards.
• Regular audits must be conducted to ensure compliance with this policy and any relevant regulations.