Cyber Security Policy

Purpose

This policy outlines the standards and procedures for using information systems and sharing data, both within and outside the company, in order to protect the confidentiality, integrity, and availability of sensitive information.

Scope

This policy applies to all employees, individuals on third-party rolls, consultants, contractors, and third-party service providers or anyone else who has access to the company’s information systems and data.

Information Systems Usage

The information systems (including hardware, software, and network resources) provided by the company or purchased under the BYOD Policy are intended to support business operations. The following rules apply to their usage:

  • All information systems and resources must be used in compliance with applicable laws and company policies.
  • Employees must only access systems and data that are necessary for their role.
  • Unauthorized access, tampering, or misuse of company information systems is strictly prohibited.
  • Strong password protocols must be followed (minimum length, complexity, and regular updates). Password sharing is not allowed. Multi-factor authentication should be enabled for critical applications.
  • Information systems must not be used for personal gain, illegal activities, or any activity that may be a threat to the company’s interest or harm its reputation.
  • Any confidential data or sensitive information should not be shared in print/hard copy with anyone internally or externally without seeking approval from the Founder and CEO.
  • Avoid keeping passwords or critical company information in hard copy or in any physical form that is easily accessible to others.

Data Classification and Protection

All information managed by NeoLiv is categorized into the following tiers for protection:

  • Confidential Information: This includes financial data, proprietary project details, investor information, customer information, and personal data of employees and customers.
  • Internal Use Only: Data intended for internal operations, such as policies, procedures, and operational reports.
  • Public Information: Data that can be freely distributed, such as marketing materials or information released in official public communications.

Confidential and internal information must be secured through encryption, access controls, and other appropriate measures to prevent unauthorized access or disclosure.

Information Sharing

Internal Sharing:

  • Information should only be shared on a need-to-know basis within the organization.
  • Secure channels (encrypted email, secure file-sharing platforms) must be used for transmitting confidential or sensitive information.
  • Employee(s) must ensure that recipients of information are authorized to access the data.

External Sharing:

  • When sharing any confidential or sensitive information with third parties (contractors, vendors, etc.), a non-disclosure agreement (NDA) must be in place.
  • If an employee is unsure whether particular data or information can be shared, he/she must check and verify with the Function Head and/or Founder & CEO’s Office before sharing any such information.
  • Information shared with government bodies, regulatory agencies, or courts must follow legal requirements and be handled by authorized personnel.
  • Company data and information should not be shared with any competitor companies or Channel Partners. This must be strictly adhered to.

Data Security and Privacy

We are committed to protecting the privacy of all stakeholders and securing sensitive data. The following measures must be adhered to:

  • Personal data of employees, clients, investors or customers must be processed in compliance with the applicable data protection laws (e.g., Personal Data Protection Bill in India).
  • Security protocols as directed by the IT team, such as firewalls, antivirus software, and encryption, must be complied with to protect information systems.
  • Employees must report any suspicious activity or breach immediately to the IT department and/or Compliance Officer.

In the event of a data breach, cyberattack, or unauthorized access:

  • Employees must report the incident immediately to the IT department.
  • Employees must be very careful when opening email messages – as email-based virus attacks are increasingly common. If anything seems suspicious, they must contact the IT Department immediately.
  • The IT team will investigate the breach, contain it, and initiate corrective actions, such as notifying affected stakeholders if necessary.
  • A formal report will be prepared after the incident, including lessons learned and preventive measures for the future.

Roles and Responsibilities

  • Employees: Responsible for using information systems responsibly, securing confidential information, and reporting any suspicious activity. Must ensure that all IT-related policies and procedures are complied with 100% without any compromise.
  • IT Department: Responsible for implementing and maintaining data security measures, providing access controls, and handling data breaches.
  • Senior Management: Responsible for oversight of information management practices and ensuring compliance with legal and regulatory requirements.