SYNAGYST AFRICA

Information Security Conduct Policy

1. Introduction

The purpose of this Information Security Conduct Policy is to establish guidelines and expectations for the protection of confidential and sensitive information within Synagyst Africa. All employees, contractors, and third-party users are required to adhere to this policy to ensure the security and integrity of our information assets.

2. Policy Scope

This policy applies to all employees, contractors, consultants, temporary staff, and third-party users who have access Synagyst Africa ‘s information systems, networks, and data.

3. Responsibilities

  1. Management:

– Senior management is responsible for providing adequate resources and support for the implementation and enforcement of information security measures.

– Managers are responsible for ensuring that employees under their supervision understand and comply with this policy.

  1. Employees

– Employees are responsible for safeguarding confidential and sensitive information entrusted to them during the course of their work.

– Employees must report any suspected or actual security incidents or breaches promptly to the appropriate authorities.

4. Information Security Practices

  1. Access Control:

– Access to information systems and data should be granted on a need-to-know basis and in accordance with job responsibilities.

– Users must not share their login credentials or access privileges with unauthorized individuals.

  1. Data Protection:

– Confidential and sensitive information must be stored, transmitted, and processed securely using approved encryption methods and protocols.

– Employees must adhere to data classification policies to ensure that information is properly categorized and protected according to its sensitivity level.

  1. Physical Security

– Employees must lock their workstations when unattended and ensure that sensitive documents are stored securely when not in use.

  1. Security Awareness:

– All employees must complete information security training upon hire and participate in regular awareness programs to stay informed about security best practices and emerging threats.

  1. Incident Response:

– Employees must report any suspected or actual security incidents, including unauthorized access, data breaches, malware infections, or lost/stolen devices.

5. Compliance and Enforcement

  1. Compliance:

– Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.

– Employees must comply with all applicable laws, regulations, and contractual obligations related to information security.

  1. Enforcement:

-Synagyst Africa reserves the right to monitor and audit employees’ use of information systems and networks to ensure compliance with this policy.

– Non-compliance with this policy may result in disciplinary action, legal penalties, and damage to the company’s reputation and business interests.

6. Policy Review

This Information Security Conduct Policy will be reviewed annually and updated as necessary to reflect changes in technology, regulations, and business requirements. Employees are encouraged to provide feedback and suggestions for improvement.