IT Security Policy
1. Purpose and Scope:
The purpose of this IT Security Policy is to establish guidelines and best practices for the secure use, management, and protection of information technology resources within Infrared Group. This policy applies to all employees, contractors, suppliers, and individuals who have access to our IT systems and data.
2. Information Security Responsibilities:
All personnel are responsible for safeguarding the confidentiality, integrity, and availability of Infrared Group's information assets. This includes compliance with relevant laws, regulations, and company policies pertaining to information security.
3. Access Control:
a. Access to IT systems, applications, and data shall be granted based on the principle of least privilege.
b. User authentication mechanisms such as strong passwords and multi-factor authentication (MFA) shall be used to ensure only authorised individuals can access sensitive information.
4. Data Protection:
a. Sensitive and confidential data shall be classified and appropriately protected based on its level of sensitivity.
b. Data encryption shall be employed for sensitive data in transit and at rest, following industry standards and best practices.
5. Malware Prevention:
a. All devices connected to Infrared Group's network shall have up-to-date antivirus and anti-malware software installed.
b. Email attachments and downloads should be scanned for malware before opening.
6. Secure Network Usage:
a. The use of public Wi-Fi networks for business purposes is prohibited unless a virtual private network (VPN) is used.
b. Network access controls shall be implemented to prevent unauthorised access to our internal network.
7. Remote Access:
a. Remote access to company systems shall only be granted through secure and encrypted connections.
b. Remote access shall require proper authentication and authorisation procedures.
8. Bring Your Own Device (BYOD):
a. Personal devices used for work purposes (BYOD) must comply with company security policies, including data encryption and device management.
b. A separate, isolated network may be provided for personal (BYOD) devices to keep them separated from critical company systems.
9. Incident Reporting and Response:
a. Any suspected or confirmed security incidents, breaches, or unauthorised access must be reported to the IT department immediately.
b. Infrared Group shall maintain an incident response plan outlining procedures for containing, investigating, and mitigating security incidents.
10. Regular Security Training:
a. Employees shall undergo regular security awareness training to stay informed about current threats, best practices, and company policies.
b. Training sessions shall cover topics such as phishing awareness, password hygiene, and social engineering risks.
11. Data Backup and Recovery:
a. Critical data shall be regularly backed up and stored in secure, off-site locations.
b. Periodic testing of data restoration procedures shall be conducted to ensure effective recovery in case of data loss.
12. Physical Security:
a. Physical access to IT infrastructure, server rooms, and data centres shall be restricted to authorised personnel only.
b. Access control mechanisms such as biometric authentication, access cards, and surveillance systems shall be used where applicable.
Infrared Group is committed to maintaining the highest standards of information security. All personnel are required to adhere to this IT Security Policy to protect our valuable assets and ensure the continuity of our operations. Non-compliance with this policy may result in disciplinary action.
Nathan De La Rosa
Managing Director
Infrared Group