Information Security Policy

1. Purpose

Digitalogy Ltd is committed to safeguarding the confidentiality, integrity, and availability of all information assets. This Information Security Policy outlines our approach to protecting sensitive data, ensuring compliance with legal and regulatory requirements, and minimising information security risks.

2. Scope

This policy applies to all employees, contractors, and third parties with access to Digitalogy Ltd’s information systems. It covers all forms of data, including electronic, physical, and verbal information, as well as the IT systems, networks, and devices used to process or store such data.

3. Objectives

Our information security objectives are to:

Protect client, employee, and company data from unauthorised access, disclosure, alteration, or destruction.

Comply with applicable legal, regulatory, and contractual information security requirements.

Foster a culture of security awareness and accountability within the organisation.

Identify and mitigate information security risks through effective controls and monitoring.

Ensure the availability of critical systems and data to support business operations.

4. Key Principles

We adhere to the following principles:

Confidentiality: Protect sensitive information from unauthorised access or disclosure.

Integrity: Safeguard the accuracy and completeness of information.

Availability: Ensure information and systems are accessible to authorised users when needed.

Accountability: Ensure all users understand their responsibilities for maintaining information security.

5. Roles and Responsibilities

Leadership Team: Provide strategic direction, approve security policies, and allocate necessary resources.

Information Security Officer (ISO): Oversee the implementation and maintenance of the information security programme, monitor compliance, and lead incident response efforts.

Employees and Contractors: Adhere to this policy, complete security training, and report any security incidents or vulnerabilities.

Third Parties: Ensure third-party providers comply with our information security standards and contractual obligations.

6. Information Security Controls

We implement the following controls to protect information assets:

Access Management: Restrict access to information and systems based on role and need-to-know principles.

Encryption: Use encryption technologies to protect sensitive data in transit and at rest.

Secure Configuration: Ensure all systems and devices are securely configured to minimise vulnerabilities.

Network Security: Use firewalls, intrusion detection systems, and regular monitoring to protect our network.

Physical Security: Restrict physical access to premises and sensitive information storage areas.

Backup and Recovery: Regularly back up critical data and test disaster recovery plans to ensure business continuity.

Incident Management: Establish procedures to detect, respond to, and recover from security incidents promptly.

7. Security Awareness and Training

We provide regular training to employees and contractors to ensure:

Awareness of information security risks and best practices.

Understanding of their roles and responsibilities under this policy.

Knowledge of how to report security incidents or suspicious activity.

8. Monitoring and Compliance

To ensure compliance with this policy, we:

Monitor systems and networks for unauthorised access, anomalies, and vulnerabilities.

Conduct regular internal and external security audits.

Review and update the policy annually or as needed to reflect changes in the business or threat landscape.

Enforce disciplinary actions for policy violations.

9. Incident Reporting

All security incidents must be reported immediately to the Information Security Officer. The incident response team will investigate, document, and implement measures to prevent recurrence. Significant incidents will be reported to senior management and, if required, to regulatory authorities.

10. Continuous Improvement

We are committed to continually improving our information security programme by:

Adopting industry best practices and standards.

Addressing findings from audits and incident investigations.

Reviewing emerging threats and updating controls accordingly.