Information Security Policy

1. Introduction

1.1 Purpose

The purpose of this Information Security Policy is to establish and maintain an effective framework for protecting the confidentiality, integrity, and availability of Hytone Merchants PVT LTD’s  information assets.

1.2 Scope

This policy applies to all employees, contractors, and third-party vendors who have access to Hytone Merchants PVT LTD’s information assets.

2. Information Classification

2.1 Classification Levels

Information shall be classified into three levels:

  • Confidential: Highly sensitive information requiring the highest level of protection.
  • Internal: Information for internal use only.
  • Public: Information that can be shared openly.

3. Access Control

3.1 User Access

Access to information systems and data shall be granted based on the principle of least privilege. Access permissions will be reviewed regularly, and access rights revoked promptly upon termination of employment or contract.

3.2 Authentication

All users must authenticate using strong, unique credentials. Multi-factor authentication (MFA) is mandatory for accessing sensitive systems and data.

4. Data Protection

4.1 Data Encryption

Sensitive data in transit and at rest must be encrypted using industry-standard encryption algorithms.

4.2 Data Backup

Regular backups of critical data must be performed, and backup integrity must be verified periodically.

5. Incident Response

5.1 Reporting Incidents

All employees must promptly report any suspected or confirmed security incidents to the designated IT Security team.

5.2 Incident Handling

An incident response plan will be maintained and periodically tested. It will outline procedures for identifying, responding to, and mitigating security incidents.

6. Physical Security

6.1 Restricted Access

Physical access to data centers, server rooms, and other critical infrastructure shall be restricted and monitored.

6.2 Equipment Disposal

End-of-life equipment containing sensitive data must be securely wiped before disposal.

7. Compliance

7.1 Legal Compliance

Hytone Merchants PVT LTD shall comply with all relevant information security laws and regulations in India.

7.2 Policy Review

This policy will be reviewed annually and updated to address changes in technology, business operations, and legal requirements.

8. Training and Awareness

8.1 Employee Training

All employees will receive regular training on information security best practices and their responsibilities.

9. Enforcement

9.1 Violations

Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.