Information Security Policy
1. Purpose
The purpose of this Information Security Policy is to safeguard ISF RESEARCH WORKS’s information assets from unauthorized access, disclosure, alteration, destruction, or misuse. This policy applies to all employees, contractors, and third-party vendors who interact with our information systems.
2. Scope
This policy covers all data, systems, networks, and communication tools used or managed by ISF RESEARCH WORKS, including:
Customer and business partner information.
Internal business operations data.
Systems and infrastructure supporting customer support and real estate research activities.
3. Objectives
Ensure the confidentiality, integrity, and availability of information.
Protect against cyber threats and data breaches.
Comply with applicable legal and regulatory requirements, including Singapore’s Cybersecurity Act and Personal Data Protection Act (PDPA).
Foster a culture of security awareness among employees and partners.
4. Key Principles
4.1 Confidentiality
Access to sensitive data is restricted to authorized personnel only.
4.2 Integrity
Data must be accurate, complete, and protected from unauthorized modification.
4.3 Availability
Information and systems must be accessible to authorized users when needed.
5. Security Measures
5.1 Access Control
Role-based access management for systems and data.
Multi-factor authentication for accessing critical systems.
Regular review and update of user access permissions.
5.2 Data Protection
Encryption of sensitive data during storage and transmission.
Secure backup solutions and regular testing of recovery processes.
Data retention policies aligned with legal and operational requirements.
5.3 Network Security
Firewalls, intrusion detection systems, and anti-malware tools in place.
Regular vulnerability assessments and penetration testing.
Secure configurations for all devices and software.
5.4 Employee Training
Regular security awareness training for all employees.
Clear procedures for identifying and reporting security incidents.
5.5 Vendor and Third-party Management
Security assessments of third-party vendors before engagement.
Contractual obligations for maintaining information security standards.
6. Incident Response
In the event of a security breach:
A designated Incident Response Team will be activated.
Immediate steps will be taken to contain and mitigate the breach.
Affected parties will be notified as required by law.
A post-incident review will be conducted to prevent future occurrences.
7. Policy Compliance
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contracts. All employees and third-party vendors are required to adhere to this policy.
8. Review and Updates
This policy will be reviewed annually or in response to significant changes in business operations or regulatory requirements. Updates will be communicated to all relevant parties.
9. Contact Information
For questions about this policy or to report a security concern, please contact us.