1. Purpose

The purpose of this Cyber Security Policy is to outline the guidelines, responsibilities, and procedures for maintaining the confidentiality, integrity, and availability of data and systems at Neatlines Ltd.

2. Scope

This policy applies to all employees, contractors, and third-party vendors who have access to Neatlines Ltd's systems, networks, and data.

3. Policy

3.1 INFORMATION SECURITY

All information assets, including customer data, shall be classified based on their sensitivity and handled accordingly.

Access to sensitive information shall be restricted to authorised personnel only.

Data encryption shall be implemented for data transmission and storage, especially for sensitive data.

Regular backups of data shall be performed and stored securely off-site.

3.2 ACCESS CONTROL

Access to systems, applications, and data shall be granted based on the principle of least privilege.

Strong authentication mechanisms, such as multi-factor authentication (MFA), shall be enforced for accessing critical systems and data.

Access logs shall be maintained and regularly reviewed to monitor for unauthorised access attempts.

3.3 NETWORK SECURITY

Firewalls and intrusion detection/prevention systems shall be deployed to protect the network from unauthorised access and malicious activities.

Wireless networks shall be encrypted.

Regular vulnerability assessments and penetration testing shall be conducted to identify and remediate security weaknesses.

3.4 ENDPOINT SECURITY

All company-owned devices shall be protected with up-to-date antivirus software and endpoint protection measures.

Employees shall adhere to the Bring Your Own Device (BYOD) policy, which includes installing necessary security software and keeping devices patched and updated.

3.5 INCIDENT RESPONSE

An incident response plan shall be established to address security incidents promptly and effectively.

All security incidents and breaches shall be reported to the designated security officer or IT department immediately for investigation and remediation.

3.6 EMPLOYEE TRAINING AND AWARENESS

All employees shall receive regular training on cyber security best practices, including phishing awareness and data handling procedures.

Employees shall be encouraged to report any suspicious activities or security concerns promptly.

3.7 COMPLIANCE

Neatlines Ltd shall comply with all relevant laws, regulations, and industry standards related to cyber security, including but not limited to GDPR, HIPAA, and SOC 2.

4. Responsibilities

The Chief Technology Officer (CTO) or designated security officer is responsible for overseeing the implementation and enforcement of this Cyber Security Policy.

Managers and supervisors are responsible for ensuring that their team members are aware of and comply with this policy.

All employees are responsible for adhering to this policy and reporting any security incidents or breaches promptly.

5. Enforcement

Violation of this Cyber Security Policy may result in disciplinary action, up to and including termination of employment or legal action.

6. Review and Revision

This Cyber Security Policy shall be reviewed periodically and updated as necessary to reflect changes in technology, threats, and regulatory requirements.

7. Approval

This Cyber Security Policy has been approved by Tom Makin and is effective as of 01 February 2024.

8. Document Control

This policy shall be maintained in a centralised document repository and shall be accessible to all employees. All revisions and updates shall be documented and tracked.