Data Security Policy

System Usage

a. All employees are required to use only company-provided systems for work-related activities.

b. Personal devices are strictly prohibited from being used for work tasks to ensure a controlled and secure environment.

c. Employees must follow the company’s guidelines for system usage, including the installation and regular updates of approved antivirus software.

Firewall Protection

a. The company employs a firewall system to safeguard the network from unauthorized access and potential threats.

b. The firewall is configured to block access to malicious and unwanted websites, protecting the company’s systems and preventing potential damages to client websites.

c. The IT team is responsible for monitoring and updating the firewall rules to address emerging threats and maintain a secure network environment.

Credential Management

a. When exchanging credentials, the company follows a secure procedure to ensure confidentiality and restrict access to authorized individuals.

b. Credentials are stored only within the company’s designated systems and are not accessible from any other system.

c. Access to credentials is granted based on strict authentication protocols and limited to company employees using company-provided systems.

d. Any unauthorized access attempts or suspicious activities related to credentials should be reported to the IT team immediately.

Employee Training and Awareness

a. Regular training sessions are conducted to educate employees about data security best practices, including the importance of adhering to the data security policy.

b. Employees are informed about potential risks, such as phishing attacks and social engineering, and trained to identify and report such threats promptly.

c. The data security policy is communicated to all employees, and they are required to acknowledge and adhere to it as a condition of their employment.

Incident Response

a. The company maintains an incident response plan to effectively address and mitigate any potential data breaches or security incidents.

b. The plan includes steps to detect, contain, and minimize the impact of security incidents promptly.

c. In the event of a security incident, a designated team is responsible for investigating, documenting, and reporting the incident, as well as implementing necessary remediation measures.

This data security policy is subject to regular review and updates as new technologies, threats, or regulatory changes emerge. All employees are expected to comply with this policy to maintain the confidentiality, integrity, and availability of the company’s data and systems.

Get Cost-Saving Audit!

Ready to bring secure AI workflows into your multi-unit business?

 Partner with Weam to build an automated AI system for your franchise network, multi-unit operation, or location-based brand.