2.3 Data security

2.3.1 Data Security

Data security is essential to protect our organization and clients from unauthorized access, breaches, and data loss. Employees are expected to comply with all data security policies and procedures.

This includes using strong and unique passwords, following authentication protocols, and not sharing login credentials.

2.3.2 Handling of Confidential Information

Employees are expected to exercise care and diligence when handling confidential information. This includes:

• Using secure methods to transmit sensitive data electronically.

• Being cautious when discussing confidential matters, ensuring privacy in conversations.

2.3.3 Access to Data

Access to confidential data is typically provided on a need-to-know basis. Employees should only access data required to perform their job responsibilities.

Unauthorized access, sharing, or disclosure of confidential information is strictly prohibited.

2.3.4 Protection of Devices

If provided with company equipment, employees are responsible for safeguarding devices such as desktops, laptops, smartphones, and tablets. Devices should not be left unattended, and they should be locked when not in use. Only employees are allowed to use or get access to company equipment and professional devices.

2.3.5 Remote Work & Data Security

For remote employees, maintaining data security is equally important. Ensure that your remote workspace is secure, use secure networks, and follow company policies for remote work, including the use of virtual private networks (VPNs), password managers and encryption when necessary.

2.3.6 Incident Reporting

If you suspect a data security breach or have concerns about the handling of confidential information, it is your responsibility to report it immediately to your manager or supervisor.

2.3.7 Consequences of Violation

Violations of our confidentiality and data security policies can result in disciplinary action, up to and including termination of employment, and may also lead to legal consequences.