General Cybersecurity Policy

  1. Purpose

    The purpose of this cybersecurity policy is to establish a framework to safeguard the confidentiality, integrity, and availability of information systems and customer data associated with the “All in One Accessibility” service. This policy applies to all employees, contractors, vendors, and partners who access or manage the service infrastructure.

  2. Scope

    This policy encompasses all systems, applications, networks, and data utilized in delivering the “All in One Accessibility” service. It includes both internal systems and cloud-based services used for hosting or data processing.

  3. Policy Objectives
    • Protect the integrity and confidentiality of customer data.
    • Ensure compliance with applicable legal, regulatory, and contractual obligations.
    • Mitigate cybersecurity risks associated with service operations.
    • Foster awareness and adherence to cybersecurity best practices among employees and partners.
  4. Key Cybersecurity Measures
      4.1 Access Control
      • Access to systems and data is granted based on the principle of least privilege.
      • Strong passwords and regular updates are enforced for all accounts.
      • Multi-factor authentication (MFA) will be implemented as a future upgrade.
      • All access requests must be authorized and logged.
      4.2 Data Protection
      • Customer data is encrypted during transmission (using HTTPS) and at rest (AES-256).
      • No sensitive data is stored in cookies; local storage is used for session management.
      • Regular data backups are performed and stored securely in the cloud.
      4.3 Network Security
      • Firewalls and intrusion detection systems monitor and block unauthorized activities.
      • Cloud environments are configured with security best practices (e.g., role-based access).
      • Network segmentation is implemented to limit the spread of potential breaches.
      4.4 Vulnerability Management
      • Regular vulnerability scans and penetration tests are conducted on critical systems.
      • Security patches are applied promptly to minimize exposure to known vulnerabilities.
      4.5 Incident Response
      • An incident response plan is in place to address potential cybersecurity incidents.
      • Incidents are logged, analysed, and resolved in a timely manner.
      • Customers will be notified promptly in the event of data breaches impacting their information.
      4.6 Employee Training
      • All employees are required to undergo regular cybersecurity awareness training.
      • Training focuses on recognizing phishing attacks, safe browsing, and secure data handling.
      4.7 Vendor and Third-Party Security
      • Security evaluations are performed before onboarding third-party vendors.
      • All vendors must comply with relevant security standards and agreements.
  5. Monitoring and Auditing
    • Continuous monitoring is conducted to identify and address suspicious activities.
    • Regular audits assess compliance with this policy and industry best practices.
  6. Compliance
    • The “All in One Accessibility” service adheres to applicable data protection laws such as GDPR, COPPA, and other local regulations.
    • Non-compliance with this policy by employees or contractors may result in disciplinary action.
  7. Policy Review
    • This policy will be reviewed annually or whenever significant changes are made to the service infrastructure or applicable regulations.