Website Security Policy

The website security policy is designed to protect the website and its users from unauthorized access and malicious attacks. The policy includes measures to protect the website from unauthorized access, to prevent and detect attacks, and to respond to incidents.

Scope

This policy applies to all websites, web applications, and web services that are operated by the company. The policy applies to all employees, contractors, and third parties who have access to the company’s websites.

It is the responsibility of all employees, contractors, and third parties who have access to the company’s websites to comply with this policy.

Policy Statement

The company is committed to protecting the company’s websites from unauthorized access, attacks, and incidents.

The company will comply with all applicable laws and regulations, including the Data Protection Act 2012 and the General Data Protection Regulation (GDPR).

The company will comply with the requirements of the ISO/IEC 27001:2013 standard, which is the international standard for information security management systems.

The company will comply with the requirements of the Cyber Essentials scheme, which is a government-backed scheme to help organizations protect themselves against common cyber-attacks.

Policy Objectives

The primary objectives of the policy are to:

• Protect the company’s websites from unauthorized access.
• Protect the company’s websites from malicious attacks and incidents.
• Ensure that the company’s websites are secure and reliable.
• Protect the company’s websites from data breaches.
• Comply with all applicable laws and regulations.

Policy Requirements

The requirements of the policy are as follows:

Physical Security

The company will take reasonable measures to protect the company’s websites from unauthorized access, attacks, and incidents. This includes:

• Installing physical security measures, such as locks and alarms, to protect the company’s websites from unauthorized access.
• Installing physical security measures, such as locks and alarms, to protect the company’s websites from malicious attacks and incidents.
• Installing physical security measures, such as locks and alarms, to protect the company’s websites from data breaches.

Technical Security

The company will take reasonable measures to protect the company’s websites from unauthorized access, attacks, and incidents. This includes:

• Installing technical security measures, such as firewalls and anti-virus software, to protect the company’s websites from unauthorized access.
• Installing technical security measures, such as firewalls and anti-virus software, to protect the company’s websites from malicious attacks and incidents.
• Installing technical security measures, such as firewalls and anti-virus software, to protect the company’s websites from data breaches.

Access Control

The company will take reasonable measures to protect the company’s websites from unauthorized access, attacks, and incidents. This includes:

• Implementing access control measures, such as user accounts and passwords, to protect the company’s websites from unauthorized access.
• Implementing access control measures, such as user accounts and passwords, to protect the company’s websites from malicious attacks and incidents.
• Implementing access control measures, such as user accounts and passwords, to protect the company’s websites from data breaches.

Incident Management

The company will take reasonable measures to protect the company’s websites from unauthorized access, attacks, and incidents. This includes:

• Implementing incident management measures, such as incident reporting and incident response, to protect the company’s websites from unauthorized access.
• Implementing incident management measures, such as incident reporting and incident response, to protect the company’s websites from malicious attacks and incidents.
• Implementing incident management measures, such as incident reporting and incident response, to protect the company’s websites from data breaches.

Third Party Access

The company will take reasonable measures to protect the company’s websites from unauthorized access, attacks, and incidents. This includes:

• Implementing third party access measures, such as third party agreements, to protect the company’s websites from unauthorized access.
• Implementing third party access measures, such as third party agreements, to protect the company’s websites from malicious attacks and incidents.
• Implementing third party access measures, such as third party agreements, to protect the company’s websites from data breaches.

Policy Responsibilities

The responsibilities of the policy are as follows:

Board of Directors

The board of directors is responsible for:

• Approving the policy.
• Ensuring that the policy is implemented.
• Ensuring that the policy is reviewed and updated as necessary.

Management

Management is responsible for:

• Implementing the policy.
• Ensuring that the policy is reviewed and updated as necessary.

Employees

Employees are responsible for:

• Complying with the policy.

Policy Review

This policy will be reviewed and updated as necessary.

Policy Approval

This policy was approved by the board of directors on September 20, 2022.

Policy Distribution

This policy is available to all employees on the company intranet.

Policy History

This is version 1.0 of the policy. The current version is always available on the company intranet.

Policy Contact

For more information about this policy, please contact Mark Anthony Llego at markllego@gmail.com or 09919790048.