This policy aims to ensure the confidentiality, integrity, and availability of Addall XR’s information assets, minimize the risk of security incidents, and ensure compliance with applicable laws and regulations.

This policy applies to all Addall XR employees, contractors, and third parties that have access to company information assets.

The IT department is responsible for implementing and maintaining security measures, monitoring systems for breaches, and managing incident response. All employees are responsible for complying with this policy and reporting suspected breaches.

All company information shall be classified into categories, such as public, internal, confidential, and highly confidential, each with corresponding security measures.

Access to information assets shall be granted based on the least privilege principle. Passwords shall be strong and regularly updated. Two-factor authentication shall be used where possible.

Firewalls, antivirus software, and intrusion detection systems shall be used to protect systems. Regular security audits and vulnerability assessments shall be conducted.

In case of a security breach, the IT department shall follow the incident response plan to mitigate damage and prevent recurrence. All security incidents must be reported and recorded.

All employees shall receive regular cybersecurity training and updates.

All users of Addall XR’s information assets must comply with this policy. Non-compliance may lead to disciplinary action up to and including termination of employment.

This policy shall be reviewed at least annually or as needed based on changes in the company’s environment or risk assessment.