Cyber Security Policy

1. Purpose

The purpose of this policy is to protect the confidentiality, integrity, and availability of One Touch Data’s information assets, technology infrastructure and data. Cybersecurity is vital to safeguarding our company, employees, customers, and partners from evolving digital threats and ensuring business continuity.

2. Scope

This policy applies to all employees, contractors, consultants, interns, officers, directors, and any third parties with access to company systems, data, and hardware, whether remote or on-site.

3. Confidential Data

Confidential data includes, but is not limited to:

  • Customer, partner, and vendor information
  • Financial and business data
  • Intellectual property, trade secrets, and proprietary technology
  • Employee personal information
    All personnel must protect confidential data from unauthorized access, disclosure, or destruction.

4. Acceptable Use of Systems and Devices

  • Use company IT systems and devices only for authorized business purposes.
  • Secure all devices with strong passwords, antivirus software, and encryption where applicable.
  • Regularly update software and operating systems to patch security vulnerabilities.
  • Avoid using public or unsecured Wi-Fi networks for accessing company systems.
  • Do not install unauthorized software or share login credentials.

5. Password and Access Management

  • Use strong, unique passwords for all accounts and change them regularly.
  • Enable multi-factor authentication (MFA) where available.
  • Access to sensitive systems is granted on a need-to-know basis and regularly reviewed.

6. Email and Communication Security

  • Be cautious of phishing and social engineering attempts; verify suspicious emails before responding.
  • Do not open attachments or click links from unknown or untrusted sources.
  • Report any suspected phishing or security incidents promptly to the IT security team.

7. Incident Reporting and Response

  • All cybersecurity incidents, breaches, or suspicious activities must be reported immediately to the designated IT security contact.
  • The company will investigate incidents promptly and take corrective or remedial action to mitigate risks.
  • Employees are expected to cooperate fully with incident investigations.

8. Employee Training and Awareness

  • Employees will receive regular cybersecurity training, including recognizing threats and safe computing practices.
  • Security awareness communication will be ongoing to adapt to new and emerging risks.

9. Monitoring and Audits

  • The company monitors network activity and systems to detect and respond to potential security threats.
  • Periodic audits will be conducted to ensure compliance with this policy and identify vulnerabilities.

10. Consequences of Non-Compliance

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract, and possible legal action.

11. Policy Review

This policy will be reviewed at least annually and updated as necessary to remain effective and aligned with evolving cybersecurity threats and regulatory requirements.