Cybersecurity Policy

  1. Purpose
    This policy outlines the cybersecurity framework for Arc network to protect digital assets, maintain data integrity, and ensure business continuity in an evolving threat landscape.
  2. Scope
    This policy applies to all employees, contractors, vendors, and any individuals with access to Arc network systems, networks, and data.
  3. Governance & Responsibility
    1. The group operations director is responsible for overseeing cybersecurity measures.
    2. Department heads must ensure compliance within their teams.
    3. All employees must adhere to security guidelines and report any suspicious activity.
  4. Access Control & Authentication
    1. Employees must use strong passwords and multi-factor authentication (MFA) for all systems.
    2. Access is granted based on the principle of least privilege.
    3. Regular access reviews will be conducted to ensure only authorized personnel have access to sensitive data.
  5. Data Protection & Privacy
    1. All company and customer data must be encrypted in transit and at rest.
    2. Employees must follow the GDPR, the California Consumer Privacy Act, and other relevant data protection regulations.
    3. Personal and sensitive data must only be stored on approved devices and platforms.
  6. Network Security
    1. Firewalls, intrusion detection systems (IDS), and anti-malware tools must be used to safeguard networks.
    2. All company devices must have up-to-date security patches and antivirus software.
  7. Incident Response & Reporting
    1. A formal incident response plan is in place to manage security breaches.
    2. Employees must report any suspected breaches or phishing attempts immediately.
    3. Security incidents will be logged, analysed, and remediated to prevent recurrence.
  8. Employee Training & Awareness
    1. Cybersecurity training is mandatory for all employees.
    2. Regular phishing simulations and awareness programs will be conducted.
    3. Employees must undergo refresher training at least annually.
  9. Third-Party & Vendor Management
    1. Vendors must comply with Arc network’s cybersecurity standards, as detailed in this policy.
    2. Third-party access to company systems must be monitored and reviewed regularly.
    3. Contracts must include cybersecurity clauses and compliance requirements.
  10. Business Continuity & Disaster Recovery
    1. Regular data backups are conducted and securely stored.
    2. A disaster recovery plan is in place and tested annually.
    3. Systems have redundancy and failover mechanisms to ensure minimal downtime.
  11. Policy Compliance & Enforcement
    1. Non-compliance with this policy may result in disciplinary action.
    2. Regular audits and assessments will be conducted to ensure policy adherence.
    3. Employees are encouraged to provide feedback for continuous policy improvement.
  12. Review & Updates
    1. This policy will be reviewed annually and updated as necessary by the group operations director or deputy.
    2. Any major cybersecurity incidents will trigger an immediate review of the policy.