The purpose of this Information Security Policy is to establish and maintain an effective framework for protecting the confidentiality, integrity, and availability of Hytone Merchants PVT LTD’s information assets.
This policy applies to all employees, contractors, and third-party vendors who have access to Hytone Merchants PVT LTD’s information assets.
Information shall be classified into three levels:
Access to information systems and data shall be granted based on the principle of least privilege. Access permissions will be reviewed regularly, and access rights revoked promptly upon termination of employment or contract.
All users must authenticate using strong, unique credentials. Multi-factor authentication (MFA) is mandatory for accessing sensitive systems and data.
Sensitive data in transit and at rest must be encrypted using industry-standard encryption algorithms.
Regular backups of critical data must be performed, and backup integrity must be verified periodically.
All employees must promptly report any suspected or confirmed security incidents to the designated IT Security team.
An incident response plan will be maintained and periodically tested. It will outline procedures for identifying, responding to, and mitigating security incidents.
Physical access to data centers, server rooms, and other critical infrastructure shall be restricted and monitored.
End-of-life equipment containing sensitive data must be securely wiped before disposal.
Hytone Merchants PVT LTD shall comply with all relevant information security laws and regulations in India.
This policy will be reviewed annually and updated to address changes in technology, business operations, and legal requirements.
All employees will receive regular training on information security best practices and their responsibilities.
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.