Security Policy

Last updated: January 5, 2026

Core Principles

Defense in Depth, Data Encryption, Continuous Monitoring (24/7 SOC), Compliance (OWASP/ISO 27001), Threat Intelligence, and Security Awareness.

1. Purpose and Scope

This policy defines the framework for protecting the organization's assets and applies to all employees, contractors, and clients.

2. Objectives

Protect the confidentiality, integrity, and availability (CIA) of information, ensure compliance, and minimize risk.

3. Access Control

Requires MFA, strong passwords, role-based access control (RBAC), and the principle of least privilege.

4. Data Protection

AES-256 encryption for data at rest, TLS 1.3 for data in transit, and data classification labels (Public to Restricted).

5. Network Security

Perimeter firewalls, IDS/IPS, segmentation, and secure VPN.

6. Testing Standards

Follows OWASP, NIST, SANS Top 25, and industry-specific compliance (PCI DSS, HIPAA).

7. Incident Response

24/7 SOC covering detection, containment, and recovery, with client notification within 24 hours for material incidents.

8. Physical Security

Restricted access, surveillance, and secure facility controls.

9. Vendor Security

Pre-contract assessments, regular reviews, and data processing agreements.

10. Business Continuity

Annual testing of recovery plans, offsite backups, and defined RTO/RPO.

11. Compliance

Regular internal/external audits and continuous improvement programs.

12. Contact

Security Team - S.A Infotech