IT Security Policy

1. Introduction: This IT Security Policy outlines the principles, guidelines, and responsibilities that Efficient Growth Consulting Limited (EGC) employees must adhere to in order to ensure the security of information technology systems, data, and assets. Owen Lewis, designated as the lead, is responsible for the implementation and enforcement of this policy.

2. Policy Scope: This policy applies to all EGC employees, contractors, consultants, and third parties who access, use, or handle EGC's information technology resources.

3. Information Security Responsibilities:

  • All employees are responsible for adhering to this policy and participating in IT security awareness training.

  • Owen Lewis, as the policy lead, is responsible for oversight, implementation, and continuous improvement of IT security measures.

4. Access Control and Authentication:

  • All users must use strong and unique passwords for accessing EGC systems and applications.

  • Multi-factor authentication (MFA) must be enabled for accessing critical systems and sensitive data.

5. Data Protection and Handling:

  • Sensitive and confidential data must be classified and protected according to the data classification policy.

  • Data encryption must be utilized for data at rest and during transmission.

  • Data access must follow the principle of least privilege.

6. Network and Endpoint Security:

  • All devices accessing EGC's network must have updated antivirus software and security patches.

  • Unapproved devices must not be connected to EGC's network without prior authorization.

7. Email and Communication Security:

  • Be cautious of phishing emails and never share sensitive information via email.

  • Attachments and links from unknown or suspicious sources should not be opened.

8. Incident Reporting and Response:

  • All security incidents, breaches, or suspected compromises must be reported to Owen Lewis immediately.

  • An incident response plan is in place to swiftly address and mitigate security incidents.

9. Data Retention and Disposal:

  • Data retention policies must be followed to ensure that unnecessary data is securely disposed of when no longer needed.

10. Compliance:

  • All IT activities must comply with relevant laws, regulations, and industry standards.

  • Owen Lewis ensures that EGC's IT practices align with applicable data protection regulations.

11. Security Audits and Monitoring:

  • Regular security audits, vulnerability assessments, and monitoring activities are conducted to identify and address security weaknesses.

12. Employee Training and Awareness:

  • All employees must complete mandatory IT security awareness training to stay informed about security best practices and threats.

13. Policy Enforcement:

  • Violations of this policy may result in disciplinary action, up to and including termination of employment or legal action if warranted.

14. Policy Review and Updates:

  • This policy will be reviewed periodically by Owen Lewis to ensure its relevance and effectiveness.

  • Updates will be made as needed to address emerging threats and industry changes.

By adhering to this IT Security Policy, EGC employees contribute to the protection of the organization's technology resources, data, and reputation. For any inquiries or concerns related to IT security, contact Owen Lewis at owen@efficientgrowthconsulting.net.
