Information Security Policy


Last Updated: June 10, 2025

1. Purpose

This policy establishes security standards to protect Technology Media's data, systems, networks, and personnel from internal and external threats. It ensures compliance with GDPR, CCPA (if applicable), and industry best practices.

2. Scope

Applies to:

• All employees, contractors, vendors, and third parties with access to Technology Media systems.

• Company-owned and BYOD devices (if permitted) used for work.

• Physical and cloud-based assets (servers, SaaS tools, databases).

3. Security Roles & Responsibilities

Employees

Follow security protocols, report incidents, use strong passwords.

IT Team

Implement firewalls, encryption, access controls, and monitor threats.

Management

Allocate security budgets, enforce compliance, approve access.

Data Protection Officer (DPO)

Oversee GDPR/CCPA compliance (if applicable).

4. Data Classification & Handling

Confidential

Examples: PII, trade secrets, financial data

Protection Required: Encryption, strict access controls

Internal Use

Examples: HR policies, internal reports

Protection Required: Role-based access

Public

Examples: Marketing materials, press releases

Protection Required: No restrictions

Data Retention:

Retain data only as long as necessary (e.g., employee records are kept for 7 years after termination).

Securely delete/destroy expired data (e.g., shredding, cryptographic erasure).

5. Access Control

Principle of Least Privilege (PoLP):

Grant minimal access needed.

Multi-Factor Authentication (MFA):

Required for remote access, admin accounts.

Password Rules:

Minimum 12 characters, mixing uppercase and lowercase letters, numbers, and symbols. Change every 90 days.

Offboarding:

Immediate revocation of access upon exit.

6. Network & Device Security

Firewalls & Encryption:

Mandatory for all networks and sensitive data.

VPN:

Required for remote work.

Patch Management:

Regular OS/software updates.

BYOD Policy (if allowed):

MDM enrollment, remote wipe capability.

7. Incident Response

Report Immediately:

Email security@technologymedia.com or call +91 9823662453.

Containment:

Isolate affected systems.

Investigation:

Root-cause analysis within 72 hours.

Notification:

Inform affected parties/regulators if legally required (e.g., GDPR 72-hour rule).

8. Physical Security

Restricted Access:

Keycards/biometrics for server rooms.

Clean Desk Policy:

Lock away confidential documents.

Secure Disposal:

Shred documents, degauss/destroy old hard drives.

9. Training & Awareness

Annual Training: Cybersecurity best practices.

Phishing Tests: Quarterly simulated attacks.

Acknowledgment: Employees must sign compliance forms.

10. Compliance & Audits

Annual Security Audit: Penetration testing, vulnerability scans.

Vendor Assessments: Third parties must meet Technology Media's security standards.

Regulatory Fines: Non-compliance may result in penalties under GDPR/CCPA.

11. Policy Violations

Minor Breach: Retraining.

Major Breach: Suspension/termination + legal action.

12. Exceptions & Revisions

Exceptions: Require CISO/DPO approval.

Version Control: Document all changes (e.g., "v2.0 – June 2025").