Introduction 

PC Lab is committed to maintaining the highest standards of cybersecurity to protect our clients’ sensitive information and our own digital infrastructure. This Cyber Security Policy outlines the measures and practices we implement to safeguard against cyber threats and ensure a secure digital environment for all stakeholders.

Scope This policy applies to all PC Lab employees, contractors, partners, and clients who access or use our systems, networks, and data.

1. Data Protection

• Encryption: All sensitive data are encrypted both in transit and at rest to prevent unauthorized access.
• Access Control: Access to sensitive data are restricted based on the principle of least privilege, ensuring that individuals only have access to the information necessary for their role.

2. Network Security

• Firewalls: Advanced firewalls is utilized to monitor and control incoming and outgoing network traffic based on predetermined security rules.
• Intrusion Detection and Prevention: Intrusion detection and prevention systems (IDPS) are employed to identify and block potential threats.

3. Endpoint Security

• Antivirus and Anti-Malware: All devices are up-to-date antivirus and anti-malware software installed to detect and mitigate malicious software.
• Patch Management: Regular updates and patches for all software and operating systems are applied to protect against vulnerabilities.

4. Employee Training

• Cybersecurity Training: Regular training sessions are conducted to educate employees about cybersecurity best practices, phishing, social engineering, and safe internet usage.
• Incident Reporting: Employees are trained to identify and report any suspected security incidents promptly to the IT department.

5. Incident Response Plan

• Detection and Identification: Procedures are established to detect and identify security incidents promptly.
• Containment and Eradication: Immediate steps will be taken to contain and eradicate threats to minimize impact.
• Recovery and Analysis: Systems will be restored to normal operations, and post-incident analysis will be conducted to prevent future occurrences.

6. Regular Audits and Assessments

• Security Audits: Regular internal and external security audits will be conducted to evaluate the effectiveness of security measures.
• Vulnerability Assessments and Penetration Testing: Periodic vulnerability assessments and penetration testing will be performed to identify and remediate potential security weaknesses.

7. Compliance

• Legal and Regulatory Compliance: PC Lab is committed to complying with all applicable cybersecurity laws and regulations to ensure the protection of data and systems.

8. Third-Party Security

• Vendor Assessments: Security assessments will be conducted for third-party vendors to ensure they meet PC Lab’s cybersecurity standards.
• Data Sharing Agreements: Agreements with third parties will include provisions to ensure the secure handling of shared data.