d3 Solutions - Security Policy
Purpose
This policy outlines the requirements for ensuring the security of information and technology assets owned or managed by the organisation.
Scope
This policy applies to all employees, contractors, and vendors who use or have access to the organisation's information and technology assets.
Roles and Responsibilities
All employees, contractors, and vendors are responsible for complying with this policy and ensuring the security of the organisation's information and technology assets.
Password Security
All users must create strong passwords that meet the following requirements:
-Minimum length of 12 characters
-Combination of uppercase and lowercase letters, numbers, and symbols
-Change every 90 days
-Cannot be reused for at least six previous passwords
Network Security
All network traffic is protected with a firewall and intrusion detection/prevention system. Access to the network is granted on a need-to-know basis and monitored for unauthorised access.
Data Security
All data is classified based on its sensitivity and handled accordingly. Sensitive data is encrypted in transit and at rest. Data backups are performed regularly and stored in a secure location.
Physical Security
All workstations, servers, and other technology assets are physically secured to prevent unauthorised access or theft.
Incident Response
All security incidents are reported to the IT department immediately. An incident response is in place ( refer to incident statement), containing procedures for containing and remedying the incident.
Compliance
All users must comply with all applicable laws, regulations, and industry standards regarding information security.
Policy Review
This policy is reviewed and updated regularly to ensure its effectiveness and compliance with changing technology and security requirements.