Information Security Policy
INFORMATION SECURITY POLICY
This Information Security Policy outlines the principles and guidelines for safeguarding the confidentiality, integrity, and availability of all information assets belonging to Everson Electrical (S) Pte Ltd. Information security is essential to protect the interests of our organization, our clients, and our stakeholders. All employees, contractors, and third parties must adhere to this policy.
2. Information Classification
All information assets shall be classified into categories based on their sensitivity and criticality. The classification levels are:
- Confidential: Information that, if disclosed, could have a severe impact on Everson Electrical (S) Pte Ltd.
- Internal Use Only: Information intended for internal use, not meant for public dissemination.
- Public: Information that can be shared publicly without restrictions.
3. Access Control
Access to information systems and data shall be controlled based on the principle of least privilege. Access rights will be assigned to individuals based on their roles and responsibilities. Access control measures include:
- User authentication and strong password policies.
- Regular review and audit of access rights.
- Access termination procedures for employees and contractors.
4. Data Protection
- Sensitive data, including customer information, shall be protected through encryption, access controls, and secure transmission methods.
- Regular backups of critical data shall be maintained, and disaster recovery procedures shall be established.
- Data retention and disposal policies shall be implemented in compliance with legal and regulatory requirements.
5. Security Awareness and Training
- All employees, contractors, and third parties shall receive information security training and be aware of their responsibilities.
- Regular security awareness campaigns will be conducted to educate staff about emerging threats and best practices.
6. Incident Response
- Procedures for reporting and responding to security incidents, breaches, or vulnerabilities shall be in place.
- An incident response team shall be designated to manage and mitigate security incidents.
7. Physical Security
- Access to physical facilities and equipment housing sensitive information shall be restricted to authorized personnel.
- Physical security measures, such as surveillance and access control systems, shall be in place.
8. Compliance and Legal Requirements
- The organization shall comply with all relevant laws, regulations, and industry standards regarding information security.
- Regular compliance assessments and audits shall be conducted.
9. Vendor and Third-Party Security
- Third-party vendors and partners shall be assessed for their security practices and compliance with our information security requirements.
- Contracts with third parties shall include information security clauses.
10. Policy Review and Updates
This Information Security Policy shall be reviewed annually and updated as needed to address emerging threats and changes in Everson Electrical (S) Pte Ltd's operations.
Failure to comply with this policy may result in disciplinary action, including termination of employment or contract, and legal consequences.
Information security is the responsibility of every individual within Everson Electrical (S) Pte Ltd. By adhering to this policy, we demonstrate our commitment to protecting our information assets and maintaining the trust of our clients and stakeholders.