Last Date Terms Updated:

2024

 

1. Purpose:

   The purpose of this Information Security Policy is to ensure the protection of all information assets owned or managed by OPRaaS. This policy provides direction and support for information security in accordance with business requirements and relevant laws and regulations.

 

2. Scope:

   This policy applies to all information assets of OPRaaS, irrespective of format. This includes digital data, paper records, verbal communication, and any other format wherein company information may be stored or transmitted.

 

3. Policy Statements:

• Asset Management: All information assets shall be identified, classified, and adequately protected.
• Access Control: Only authorized personnel (in this case, the staff member) shall have access to company information.
• Strong, unique passwords must be used where required.
• Physical Security: Physical assets like computers, storage devices, and paper records must be stored securely when not in use.
• Operational Security: Software and systems shall be kept updated and patched.
• Regular backups of critical data shall be maintained and tested periodically.
• Cryptography: Where necessary, sensitive data should be encrypted, especially during transmission or when stored in portable devices.
• Human Resources: The staff member shall be made aware of this policy and shall adhere to all its stipulations.
• Any breach of this policy should be reported immediately.
• Communication Security: Secure methods should be used for transmitting any sensitive data. Caution should be exercised with email attachments and unknown links.
• Incident Management: All information security incidents shall be reported and appropriately managed to mitigate the risk and understand the cause.
• Business Continuity: Important data shall be backed up regularly and stored securely.
• A simple plan should be in place to recover from potential threats like data loss or hardware failures.
• Review and Audit: This policy shall be reviewed annually or whenever significant changes occur to ensure its relevance and effectiveness.

 

4. Compliance:

   Any deliberate breach of this policy may result in disciplinary action. Additionally, any breach could also lead to legal action if external regulations or laws are violated.

 

5. Review & Updates:

   This policy will be reviewed at least annually to ensure it remains relevant and effective. The review will be carried out by Chris Dunn, Managing Director – OPRaaS LTD.