d3 Solutions - Security Policy
This policy outlines the requirements for ensuring the security of information and technology assets owned or managed by the organisation.
This policy applies to all employees, contractors, and vendors who use or have access to the organisation's information and technology assets.
Roles and Responsibilities
All employees, contractors, and vendors are responsible for complying with this policy and ensuring the security of the organisation's information and technology assets.
All users must create strong passwords that meet the following requirements:
-Minimum length of 12 characters
-Combination of uppercase and lowercase letters, numbers, and symbols
-Change every 90 days
-Cannot be reused for at least six previous passwords
All network traffic is protected with a firewall and intrusion detection/prevention system. Access to the network is granted on a need-to-know basis and monitored for unauthorised access.
All data is classified based on its sensitivity and handled accordingly. Sensitive data is encrypted in transit and at rest. Data backups are performed regularly and stored in a secure location.
All workstations, servers, and other technology assets are physically secured to prevent unauthorised access or theft.
All security incidents are reported to the IT department immediately. An incident response is in place ( refer to incident statement), containing procedures for containing and remedying the incident.
All users must comply with all applicable laws, regulations, and industry standards regarding information security.
This policy is reviewed and updated regularly to ensure its effectiveness and compliance with changing technology and security requirements.