Information Security Policy
The aim of this policy is to establish and maintain the security and confidentiality of information, information systems, applications and networks owned or held by Nets Printwork Sdn Bhd by:
- Ensuring that all staff are aware of and fully comply with the relevant legislation as described in this and other policies.
- Introducing a consistent approach to security, ensuring that all staff fully understand their own responsibilities.
- Protecting information assets under the control of the organisation
1. Management of Security: The Document Controller shall be responsible for implementing, monitoring, documenting and communicating security requirements for the organisation.
2. Training and Employment Contract: Information security awareness training shall be included in the staff induction process and they will have to sign the Information Non-Disclosure Agreement.
3. Legislation Compliance: Nets Group of Companies shall comply with the Personal Data Protection Act 2010 and other legislation.
4. Access Control: Only authorised personnel who have a justified and approved business need shall be given access to restricted areas containing information systems or stored data.
5. Computer Access Control: Access to computer facilities shall be restricted to authorised users who have business need to use the facilities.
6. Equipment Security: In order to minimise loss of, or damage to, all assets, equipment shall be physically protected from threats and environmental hazards.
7. Security Control of Asset: Each IT asset, (hardware, software, application or data) shall have a named custodian who shall be responsible for the information security of that asset.
8. Information Control: Management of computers and networks shall be controlled through ISO standard documented procedures. Any changes shall be reviewed and approved by Management Representative.
9. Personal Data Security: Company endeavour to implement appropriate technical, physical, electronic and procedural security measures with applicable laws and regulations and industry standard to safeguard against unauthorised or unlawful processing of staff and customer personal data, and the destruction of, or accidental loss, damage to, alteration of, unauthorized disclosure of or access to personal data.
10. Reporting: Document Controller shall keep the management informed of the information security status of organisation by mean of regular reporting.
