Legally Documented . 02 July 2019 . By UIBS

Data Safety Policy

Corporate Data Safety Policy

  1. Purpose

     The purpose of this Corporate Data Safety Policy is to outline UIBS's commitment to maintaining the confidentiality, integrity, and availability of corporate data. This policy aims to establish guidelines and procedures to protect data assets from unauthorized access, use, disclosure, alteration, and destruction.

  2. Scope

     This policy applies to all employees, contractors, and third-party vendors who have access to corporate data within UIBS premises located at Colombo 04 or any other location where UIBS operates.

  3. Data Classification

     UIBS recognizes the importance of classifying data based on its sensitivity and criticality. The following data classification levels are established:

    1. Confidential: Highly sensitive information, including but not limited to customer data, financial records, trade secrets, and strategic plans.
    2. Internal: Internal documents, reports, and information not intended for public distribution.
    3. Public: Non-sensitive information intended for public release.

  4. Data Handling

    1. Access Control:
      1. Access to corporate data must be based on the principle of least privilege, with access granted only to authorized individuals who require it for their job responsibilities.
      2. User accounts must be unique and tied to specific individuals. Sharing of user accounts is strictly prohibited.
      3. User access must be promptly revoked or modified when employees change roles or leave the organization.
      4. Two-factor authentication should be implemented for critical systems and privileged accounts.
    2. Data Storage and Transmission:
      1. Corporate data must be stored in secure, centrally managed systems with appropriate access controls.
      2. Data backups must be performed regularly and stored securely.
      3. Data transmitted over networks, including the internet, must be encrypted using secure protocols.
    3. Physical Security:
      1. Physical access to data storage areas, server rooms, and other sensitive locations must be restricted to authorized personnel only.
      2. Visitors must be escorted and granted access only to areas necessary for their business purposes.

  5. Data Security Practices

    1. Information Security Awareness:
      1. Regular training and awareness programs must be conducted to educate employees on data security best practices, including safe internet usage, social engineering threats, and phishing attacks.
      2. Employees must be aware of their responsibilities in safeguarding corporate data and reporting any security incidents or breaches promptly.
    2. Incident Management:
      1. A documented incident response plan must be in place to address security incidents effectively.
      2. All security incidents must be promptly reported to the designated IT or security personnel.
    3. Security Assessments and Audits:
      1. Regular security assessments and audits must be conducted to identify vulnerabilities and ensure compliance with security policies and standards.
      2. Vulnerabilities or weaknesses discovered during assessments must be remediated promptly.

  6. Compliance and Enforcement

     Non-compliance with this Corporate Data Safety Policy may result in disciplinary action, up to and including termination of employment or contract, in accordance with UIBS's policies and local laws.

  7. Policy Review

     This policy will be reviewed annually or as needed to ensure it remains relevant and effective in addressing emerging threats and technologies.

By adhering to this policy, UIB Solutions (Pvt) Ltd. (UIBS) is committed to protecting the confidentiality, integrity, and availability of corporate data and maintaining the trust of its clients and stakeholders.