This Information Security Policy outlines the measures and controls that the recruitment company must implement to protect its information assets and ensure the confidentiality, integrity, and availability of sensitive data. This policy applies to all employees, contractors, and third-party vendors who have access to the company's information systems and data.
2.1 Security patches and updates shall be applied promptly after testing to minimise the risk of exploitation.
3.1 Wave Talent shall enforce a password policy that requires employees to change their passwords regularly.
3.2 Passwords must be complex, incorporating a mix of uppercase and lowercase letters, numbers, and special characters.
3.3 The minimum length requirement is 12 characters for general use or 8 characters if multi-factor authentication (MFA) is employed.
3.4. If there is reason to suspect that a password has been compromised, it must be promptly changed.
3.5 Passwords must not be reused across different systems or accounts.
3.6 MFA shall be implemented for accessing sensitive systems or data.
4.1 Wave Talent shall implement a clear desk policy to ensure that sensitive information is not left unattended and visible on desks or workstations.
4.2 Employees must securely store all physical documents containing sensitive information when not in use.
4.3 Computer screens must be locked or logged out when employees are away from their desks.
5.1 Wave Talent shall establish procedures for the secure disposal of clients' information in compliance with applicable laws and regulations.
5.2 Physical documents shall be shredded or securely destroyed before disposal.
5.3 Electronic data shall be permanently deleted or rendered unrecoverable using approved data destruction methods.