Privacypolicy
Temple City Technologies has the following specific policies to safeguard information system assets:
- Only use devices approved by Temple city technologies (P) Ltd. (TCT) to connect to resources belonging to TCT or its clients
- Company email id to be used primarily for official use. Some personal use is permitted as long as it does not conflict with any of TCT’s business interests or add strain to server resources
- Use of the assets to browse and download from websites with malware content is prohibited and may result in punitive actions
- Use of assets should not circumvent any control systems implemented by TCT to log and monitor access to assets
1. Acceptable use policy (AUP):
- Users should only use their assigned ids to access resources needed for carrying out their work
- Passwords need to be complex to prevent hacking and needs to changed by the users periodically as required by the sensitivity of the resource or application accessed
- Access credentials like passwords, biometrics should be encrypted and stored
- No user access to any backup data or archives unless requested and provided by TCT Security Management
- All Work from home devices should comply with TCT’s access control policies.
- All remote access endpoints would be properly protected using firewalls and malware protection.
- All Work from home devices should comply with TCT’s access control policies.
- All network connections for Work at Home scenarios should be communicated to TCT security management along with the provider and the type of connections
- Users should ensure end to end encryption for all connections outside the office premises
- Users would be responsible for all activities logged using their access credentials
2. Access control policy (ACP):
- Change management policy relates all changes related to hardware, operating systems and applications
- All user hardware changes (devices like laptops, modems and network assets) need to be communicated to TCT security management and recorded against the user
- Application changes are logged in separately for individual applications by the project managers and documented as per guidelines for that application
3. Change management policy:
- The infosec policy is based on Information Integrity, Availability and Confidentiality
- Users need to familiarize themselves with the TCT’s Information Security Policy and guidelines by participating in the Information Security training sessions periodically at TCT
- The information security policy comprises of all the individual policies governing the information assets of TCT and its clients
4. Information security policy:
- In case of a security breach that is identified by any employee or user, the same needs to be communicated to the immediate supervisor or the TCT security manager who will document it immediately with relevant detail of nature of impact, time
- The incident report has to be completed and archived by the TCT security manager with closing notes
5. Incident response (IR) policy:
- All remote access endpoints would be properly protected using firewalls and malware protection.
- All Work from home devices should comply with TCT’s access control policies.
- All network connections for Work at Home scenarios should be communicated to TCT security management along with the provider and the type of connections All Work from home devices should comply with TCT’s access control policies.
- Users should not use access modes not authorized by TCT Security Manager
- Users should ensure end to end encryption for all connections outside the office premises
- Users would be responsible for all activities logged using their access credentials
6. Remote access policy:
- All official communications within TCT or to Clients would be from official email ids assigned to users
- Users will not communicate to email ids not officially belonging to clients or TCT users excepting some personal emails as per the next guideline.
- Company email id to be used primarily for official use. Some personal use is permitted as long as it does not conflict with any of TCT’s business interests or add strain to server resources
- No social media access is permitted for personal use unless it is for research relating to a project at hand
7. Email/communication policy:
- Refer TCT Disaster Recovery policy documentation.
8. Disaster recovery policy:
- Refer TCT Business Continuity policy documentation.
9. Business continuity plan (BCP):
-
Data is classified as
- Confidential
- Public
- Internal
10. Data classification policy:
- Refer individual Cloud Policy specific to application.
11. SaaS and cloud policy:
- Refer IAM Policy and the guideline 2 above.
12. Identity access and management (IAM) policy:
- Refer TCT Data Security Policy along with Application specific Data.
13. Data security policy:
-
Personally identifiable Data includes but not limited to:
Email Id
First name and last name
Phone number
Address
- Temple city technologies (P) Ltd. (TCT) does not collect or retain personally identifiable data from any of its clients unless the data is made available to TCT by the clients.
- The data made available to TCT will not be retained or shared with any third parties excluding any data that may are part of API request payloads that are consumed as part of customer application’s workflow.
- Wherever possible, Personally identifiable data should not stored in local stores without encryption
- Wherever possible, Personally identifiable data should not be part of any reports and download documents.
- No hardcopy should be printed out of any document with personally identifiable data without express approval from TCT Security manager.
- Report any access violation and suspicious emails (phishing, mails from unknown email ids and emails with suspicious attachments/ links) to TCT Security manager.
14. Privacy regulations:
- No Personal or mobile devices are authorized to access Information resources of TCT or its clients.
15. Personal and mobile devices policy: