Skip to content
How Can We Help?
< All Topics
Print

Cybersecurity Policy

PostedDecember 31, 2024
UpdatedJanuary 2, 2025
Bytechkatech

1. Purpose:

The purpose of this policy is to protect the digital infrastructure, sensitive information, and IT assets of Sunbeam Elastomers Pvt. Ltd. from cybersecurity threats, ensuring business continuity and data confidentiality.

2. Scope:

This policy applies to all employees, contractors, vendors, and third parties who access or handle the company’s IT systems, devices, networks, and data.

3. Objectives:

  • To safeguard company assets from unauthorized access, cyberattacks, and data breaches.
  • To ensure compliance with data protection regulations and cybersecurity standards.
  • To establish clear guidelines for using, storing, and sharing digital resources.

4. Policy Guidelines:

Access Control:

  • Access to IT systems, applications, and data will be granted based on job roles and responsibilities (need-to-know basis).
  • Multi-factor authentication (MFA) must be enabled for accessing critical systems and sensitive data.
  • Employees must use strong, unique passwords and update them every 90 days.

Data Security:

  • All sensitive and proprietary data must be encrypted during storage and transmission.
  • Employees are prohibited from sharing confidential information over unsecured channels.
  • Regular data backups will be conducted to ensure business continuity.

Use of IT Systems:

  • Employees must use company-provided systems and software for official purposes only.
  • Installation of unauthorized software, applications, or plugins is strictly prohibited.
  • Personal devices used for work must comply with company-approved security standards (Bring Your Own Device – BYOD policy).

Incident Reporting:

  • Any suspected or actual cybersecurity incident, such as phishing attempts, malware infections, or unauthorised access, must be reported immediately to the IT Department.
  • The IT Department will investigate the incident, mitigate risks, and document the findings.

Network Security:

  • The company’s networks will be secured using firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
  • Employees must connect to company systems only through approved, reliable, and secure networks (e.g., VPN for remote access or Office’s Mobile Wi-Fi hotspot).
  • Public Wi-Fi must not be used to access company systems or data unless connected through a VPN or Office’s Mobile Wi-Fi hotspot.

Employee Awareness and Training:

  • Employees must complete mandatory cybersecurity awareness training annually.
  • Training will include best practices for identifying phishing scams, malware, and social engineering attacks.

5. Roles and Responsibilities:

IT Department:

  • Implement and maintain cybersecurity measures, including firewalls, antivirus software, and data encryption.
  • Conduct periodic security audits and vulnerability assessments.
  • Monitor network activity for suspicious behavior and take corrective actions.

Employees:

  • Adhere to cybersecurity best practices, including secure password management and safe internet usage.
  • Report incidents promptly and cooperate during investigations.

Management:

  • Support the implementation of cybersecurity measures and allocate resources for continuous improvement.
  • Approve cybersecurity policies and ensure compliance across the organization.

6. Key Provisions:

1. Zero Tolerance for Negligence:

  • Any employee found negligent in following cybersecurity protocols may face disciplinary action, up to termination.

2. Regular Updates:

  • All IT systems and software must be updated regularly to prevent vulnerabilities.

3. Third-Party Compliance:

  • Vendors and contractors must adhere to the company’s cybersecurity requirements when accessing systems or handling data.

7. Monitoring and Reporting:

  1. The IT Department will monitor network activity and maintain logs of access and usage.
  2. Quarterly cybersecurity reports will be submitted to management, detailing incidents, resolutions, and areas for improvement.

8. Review and Amendments:

This policy will be reviewed annually or as required based on emerging threats and technological advancements. Amendments will be approved by the Board of Directors.

Approval:

This Cybersecurity Policy has been approved by the Board of Directors of Sunbeam Elastomers Pvt. Ltd. on 1st January 2025.

This policy ensures robust cybersecurity practices at Sunbeam Elastomers Pvt. Ltd., protecting the organization from evolving threats.

Table of Contents