NETWORK SECURITY POLICY

1. PURPOSE
   1. The purpose of this policy is to provide clear and structured guidelines for detecting, responding to network breaches and mitigating from cyber security incidents. It establishes a framework for the management and security of various types of information, both digital and physical .It outlines measures to protect sensitive and valuable data from unauthorized access, breaches and loss.
2. SCOPE
   1. This policy applies to all [INSERT COMPANY NAME] employees, contractors or any individual with whom data is stored and company’s confidential information is being maintained, distributed or stored within the Company.
3. ACCESS CONTROL
   1. User Access Management- Access to information systems and data should be granted based on the principle of least privilege, ensuring that individuals have only the access necessary to perform their job responsibilities.
   2. Authentication and Password Management- Strong authentication mechanisms, such as complex passwords, two-factor authentication, or biometric authentication, should be employed to protect user accounts.
   3. Privileged Access Management- Special controls should be implemented to manage and monitor privileged accounts with elevated access rights.
4. NETWORK SECURITY
   1. Firewalls and network security measures will be maintained to prevent threats from entering the Company’s Network.
   2. Intrusion detection and prevention systems will be regularly monitored for any suspicious activity and to mitigate risk of malware threats.
   3. Encryption protocols will be used to secure data transmission over the network , protecting confidential information from inception and unauthorized access.
5. INCIDENT REPORTING
   1. The Authorized Team or Incident Reporting Team will prepare a report regarding the type of incident including description of the breach, types of data affected and will take appropriate measures to mitigate and contain the incident, preserve evidence, and prevent further unauthorized access or damage.
   2. The Authorized team will conduct a thorough investigation to determine the root cause, identify the extent of the breach, and gather evidence for legal purposes.
   3. The team will take necessary measures to recover and restore compromised data while ensuring its integrity.
   4. Analyze the breach to identify vulnerabilities, gaps in data controls, and any systemic issues that need to be addressed.
   5. Conduct a post-incident review to evaluate the effectiveness of the response process and identify areas for improvement.
6. REMEDIAL MEASURES
   1. The Company will work diligently to resolve the incident, restore normal operations, and implement necessary corrective actions to prevent similar incidents in the future. Users affected by the incident will be provided with guidance and support as needed to mitigate potential harm or loss.
   2. Information related to security incidents will be handled with the utmost confidentiality to protect the Company and individuals involved. Employees reporting incidents will be protected from any retaliatory actions for their reporting in good faith. The Company will maintain records of all reported incidents, including details of the incident, investigation findings, and actions taken. These records will be used for analysis and improvement of security measures.
   3. The Company will comply with all applicable laws regarding breach notification and data protection and implement necessary measures to address identified vulnerabilities and strengthen data controls to prevent similar breaches in the future.
7. TRAINING AND SECURITY AWARENESS
   1. Employees will be trained and educated on safe browsing habits, phishing awareness and how to report potential threats.
   2. All employees are required to complete security training sessions as mandated by Company's training schedule.
   3. Content of training shall include but not limited to the following:
      1. Password management.
      2. Data classification and handling.
      3. Phishing and social engineering awareness.
      4. Physical security.
      5. Reporting security incidents.
   4. The Company will promote security awareness through regular communication, reminders, and awareness campaigns.
8. CONFIDENTIALITY, INFORMATION SECURITY, PROPRIETARY INFORMATION AND INTELLECTUAL PROPERTY
   1. We are committed to business information confidentiality, integrity and accessibility, we implement proper technical security measures this and it is our staff’s obligation to uphold this. Proprietary information includes all non-public information that might be harmful to the company or its customers, business partners if disclosed to unauthorized parties. All staff must handle any such information as secret. It also covers that, no one is entitled to trade with securities while in possession of non-public information or deliver non-public information to others that could have impact on the securities. Every rule ensuring information security must be followed all times.
   2. Employees must maintain the confidentiality of the company and client information. Sharing sensitive information with unauthorized individuals is strictly prohibited.
   3. We respect the property rights of others. We will not acquire or seek to acquire trade secrets or other proprietary or confidential information by improper means.
9. REVIEW AND CHANGES
   1. We reserve the right to update and make changes to this Policy from time to time based on the working conditions of the Company. The Company on updating will inform the members of the Company.
10. FURTHER INFORMATION
    1. For any queries or further Information regarding our Company or about this Policy the concerned person can contact us through email [INSERT EMAIL ADDRESS OF THE COMPANY].
11. ACKNOWLEGEMENT
    1. We expect all employees to adhere to this Policy of the Company. The Company will apply this consistently and fairly to ensure a harmonious and productive workplace for all.
    2. By signing below, you acknowledge that you have carefully read and understood the terms and contents of this Policy.
    3. You acknowledge that you will follow the set guidelines of this Policy as well as of the Company and failure to do so; the Company can take required action against such person.

COMPANY                    

Authorized Signature

Print Name and Title

[INSERT SIGNING AUTHORTY AND DESIGNATION]