CYBERSECURITY POLICY

1. Purpose

The purpose of this policy is to ensure the secure use, handling, and management of data within INTESh. Although the INTESH System does not offer built-in cybersecurity solutions, this policy outlines guidelines and best practices to ensure the system is used in secure environments and that data integrity, confidentiality, and availability are maintained.

2. Scope

This policy applies to all users, clients, and administrators of the SHERMAN System. It covers:

Data protection standards
Secure integration within client environments
Monitoring and incident response

3. Data Security and Confidentiality

Data Encryption: All data transmitted between the IntESH System will be protected using encryption protocols (e.g., TLS) to safeguard against unauthorized access during transmission.
Access Control: Role-based access control (RBAC) is implemented to limit access to specific functionalities based on the user’s role.
Data Retention: Data stored within the IntESH System will adhere to client policies for retention and disposal, ensuring that sensitive data is managed and disposed of securely.

4. System Integration and Client Environment

Client Integration: The IntESH System is designed to operate within the client’s existing cybersecurity infrastructure. As such, the system can be integrated into networks protected by firewall, anti-malware, and intrusion detection systems as provided by the client.
Secure Network Configuration: It is the responsibility of the client’s IT and security teams to ensure that the IntESH System operates within a secure network configuration that aligns with their internal security standards.

5. Incident Response

Incident Reporting: In the event of a potential security breach or incident, IntESH team will collaborate with the client’s security team to provide necessary data and support in addressing the issue.

6. Regulatory Compliance

Data Privacy Laws: IntESH is committed to complying with relevant local and international data privacy regulations, including but not limited to the Malaysia Personal Data Protection Act (PDPA) and General Data Protection Regulation (GDPR).

7. Responsibilities

InTESH System Provider: We are responsible for ensuring the system’s data protection features and configurations are in place and for providing support in the event of security concerns or integration needs.
Clients: It is the responsibility of the client’s IT team to integrate the IntESH System into a secure environment, ensuring that appropriate cybersecurity measures, such as firewalls, anti-virus, and access controls, are implemented.

8. Continuous Improvement

IntESH team is committed to improving the security of the system and maintaining alignment with cybersecurity best practices. Regular reviews of this policy will be conducted to ensure continued relevance and effectiveness.

INTESH

CYBERSECURITY POLICY

Cybersecurity Policy