The purpose of this policy is to establish guidelines and procedures for safeguarding company data and technology assets.
This policy applies to all employees, contractors, and third-party vendors who have access to company data and technology assets.
Access Control: Access to company data and technology assets should be granted on a need-to-know basis. Employees should not share their login credentials or access company data on personal devices.
Data Protection: Data should be classified based on its sensitivity level and appropriate security measures should be implemented to protect it. This includes encryption, backup, and disposal procedures.
Incident Response: All security incidents should be reported to the IT department immediately. Employees should not attempt to investigate or resolve security incidents on their own.
Physical Security: Access to company facilities should be restricted to authorized personnel. Physical security measures such as locks, security cameras, and alarms should be implemented to protect company assets.
Information Security Awareness: All employees should receive regular training on information security best practices and policies.
Violation of this policy may result in disciplinary action, up to and including termination of employment or contract.
Date of Change
Date of Change
Information Security Policy
No results from filter
Information Security Policy 1.1
By clicking this button I acknowledge that I have read the above policy and agree to comply with the policy