    IT Policies for Sohrab Solutions

    (Compliant with UK IT Laws, GDPR, and Industry Best Practices)

    Data Protection & Privacy Policy

    • Ensure compliance with the Data Protection Act 2018 (DPA 2018) and UK GDPR.
    • Personal data will be collected, processed, and stored lawfully.
    • Data subjects have rights to access, rectify, and delete their personal data.
    • Data must be encrypted in transit and at rest.
    • Regular audits will be conducted.

    Cybersecurity Policy

    • Multi-factor authentication (MFA) is mandatory.
    • Firewalls, IDS, and endpoint protection must be implemented.
    • Security patches and updates must be applied promptly.
    • Employees must undergo cybersecurity awareness training quarterly.
    • Critical business data must be backed up regularly.

    Access Control & Authentication Policy

    • Access is granted based on the principle of least privilege.
    • Role-based access control (RBAC) will be enforced.
    • Regular access reviews will be conducted.
    • Strong, unique passwords and MFA are required.

    Cloud & Data Storage Policy

    • Cloud-stored data must be encrypted.
    • Only approved cloud service providers will be used.
    • Data retention and deletion policies will comply with GDPR.
    • No personal cloud storage for sensitive data.

    Incident Response & Disaster Recovery Policy

    • A Security Incident Response Team (SIRT) must be in place.
    • All incidents must be reported within 24 hours.
    • Disaster Recovery (DR) plans must be tested annually.
    • Backup data must be stored in separate locations.

    Acceptable Use Policy (AUP)

    • Company systems must be used only for business purposes.
    • No unauthorized software installation.
    • Personal devices require pre-approval for access.
    • Downloading or distributing prohibited content is forbidden.

    Software Development & Change Management Policy

    • All code must be reviewed before deployment.
    • Secure coding practices must be followed.
    • A version control system is required for code tracking.
    • Critical system changes require CAB review.

    Third-Party & Vendor Security Policy

    • Vendors must undergo security risk assessments.
    • NDAs must be signed before sharing sensitive information.
    • Third-party systems must comply with ISO 27001 and GDPR.
    • Vendor access to company systems must be time-limited.

    Final Notes:

    • All employees must acknowledge and adhere to these policies. Non-compliance may result in disciplinary actions, including termination or legal action if necessary. Policies will be reviewed annually to align with legal and industry changes.
    • This document ensures Sohrab Solutions' IT policies align with UK regulations, securing data, systems, and client trust.