Effective Date: 5th June, 2023

 

Xceed365 Limited, hereinafter referred to as "we," "us," or "our," is committed to maintaining the security, integrity, and confidentiality of information assets entrusted to us by our clients. This Information Security Policy outlines our commitment to information security and provides guidelines for the protection of sensitive data within our HR SaaS platform, located at https://xceed365.com

 

​

Information Security Responsibilities

 

1. All employees, contractors, and third-party vendors accessing our systems are responsible for complying with this Information Security Policy and safeguarding the information assets they handle. We will provide appropriate training and awareness programs to ensure compliance with security procedures and standards.

 

​

Data Classification and Handling

 

2. We classify information assets based on their sensitivity, value, and regulatory requirements. Data shall be labeled and handled according to its classification level. Employees must exercise due care when handling sensitive data, including personal, financial, or confidential information, and adhere to the principles of least privilege and need-to-know.

 

​

Access Controls

 

3. Access to our HR SaaS platform and its associated data shall be granted on a need-to-know basis. User accounts will be assigned based on job roles and responsibilities. User access privileges shall be regularly reviewed and revoked promptly when no longer required. Strong authentication mechanisms, such as complex passwords and two-factor authentication, shall be implemented to protect user accounts.


 

​

Data Protection and Encryption

 

1. Sensitive data transmitted over public networks shall be encrypted using secure protocols. Data at rest and in transit within our systems shall be protected using industry-standard encryption techniques. Encryption keys and certificates shall be securely stored and managed.

 

​

Incident Response and Reporting

 

4. We maintain an incident response plan to effectively respond to and mitigate security incidents. Employees must promptly report any actual or suspected security incidents, including data breaches, to the designated incident response team. We will investigate reported incidents and take appropriate actions to minimize potential harm and prevent future occurrences.

 

​

System Monitoring and Logging

 

5. We employ monitoring and logging mechanisms to detect and respond to security events. Logs and security-related events shall be collected, reviewed, and retained in accordance with applicable legal and regulatory requirements. Log analysis and audit trails shall be regularly reviewed to identify potential security issues.


 

​

Physical Security

 

6. Physical access to our facilities, servers, and data storage locations shall be controlled and restricted to authorized personnel only. We will implement appropriate physical security measures to protect against unauthorized access, theft, and damage.

 

​

Business Continuity and Disaster Recovery

 

7. We maintain a business continuity and disaster recovery plan to ensure the availability and resilience of our systems and services. The plan includes regular backups, periodic testing, and alternative processing facilities to minimize the impact of disruptions.

 

​

Vendor Management

 

8. Third-party vendors and service providers that have access to our systems or data shall adhere to security standards and obligations outlined in contractual agreements. We will conduct due diligence when engaging with vendors and regularly assess their compliance with security requirements.


 

​

Compliance with Laws and Regulations

 

9. We are committed to complying with applicable laws, regulations, and industry standards related to information security and data protection. We will regularly review and update our security practices to ensure ongoing compliance with evolving legal and regulatory requirements.


 

​

Employee Termination

 

10. Upon termination of employment or engagement, access rights of employees, contractors, and vendors shall be promptly revoked. Necessary measures shall be taken to protect against unauthorized access or use of information assets.

 

​

Policy Review and Updates

 

11. This Information Security Policy will be reviewed periodically to ensure its relevance and effectiveness. Updates and revisions will be communicated to employees and made available on our website.


 

​

If you have any questions or concerns regarding our Information Security Policy or the handling of sensitive information, please contact us at [email protected] We appreciate your cooperation in helping us maintain the security and confidentiality of our HR SaaS platform

 

Last Updated: 5th June 2023