Purpose

The purpose of this policy is to protect company and customer information from unauthorized access, disclosure, modification, or loss.

Scope

This policy applies to all employees, contractors, and consultants engaged by the organization.

Policy Statements

Confidentiality

• Employees shall protect confidential company and customer information.
• Information shall only be accessed and used for authorized business purposes.

Access Control

• Access to company resources shall be granted based on business requirements.
• Access rights shall be removed when no longer required or upon separation from the organization.
• Access to customer systems shall be governed by customer policies and procedures

Asset Usage

• Company and customer assets shall be used only for legitimate business purposes.
• Unauthorized software installation or use is prohibited.

Incident Reporting

• Employees shall promptly report any suspected information security incident to management.

Compliance

• Employees are expected to comply with this policy and any customer-specific security requirements applicable to their assignments.

Policy Ownership and Review

This policy is approved by the management of the organization and shall be reviewed periodically to ensure its continued suitability and effectiveness.

This policy is in effect from 01-Apr-2022