Data Breaches Policy

This policy sets out the Skylink network criteria design for global code of ethics.

Effective: 20 January 2020

Overview

This policy sets out Skylink network’s principles for reporting and responding to a data breach and an eligible data breach.

Scope

This policy applies to everyone who works for Skylink network in any capacity, full-time, part-time or casual, including temporary employees and contractors.

Principles

Skylink Networks understands that a risk-free environment is unattainable, while the level of risk associated with Skylink’s  commitments with the step to control and change.

        • Responding promptly and effectively to data breached and information security incidents ensures compliance with the organization’s legal and morals obligations and will minimize the risk to the confidentiality, integrity and availability of Skylink Network information as well as the right and freedoms of individuals.
        • All whom this procedure applies to must comply with its terms. Failure by any relevant person to do so may result is disciplinary action being taken against them. Failure to comply with the terms of this  procedure by an organization to whom it applies, may result in the termination of contractual relation.
        • The IT System Administrator & Data Science Strategist shall monitor compliance with the procedure and provide report in respect of the same to the BCP coordinators.

         

    Information security incidents:
    An information security incident causes or may cause the loss, damage, un-availability or unauthorized disclosure of organization information. The following but not limited to are the example of organizational security incidents:

      • Loss of paper records containing confidential data/ commercially sensitive data.
      • Loss of equipment on which confidential data /commercially sensitive data is stored. (e.g., but not limited to mobile phone, laptop, iPad, USB, hard disk, memory card)
      • Unauthorized or accidental use, access to, or modification of data or information (sharing of login details – deliberately or accidently) to gain unauthorized access or to make unauthorized changes to data or information systems)
      • Disclosure of sensitive or confidential information (e.g. but not limited to, email, document sent to an unintended recipient or posted in the public domain)
      • Loss, damage or destruction of sensitive or confidential data (e.g. as a result of changes or deletions made by staff which are stored on organization IT Systems)
      • Disturbance of IT systems results in data being unavailable.
      • Account of any user shared - deliberately or accidently (e.g. but not limited to, login details shared with others or obtained via email or any other source)
      • Cyber attack 

     

    Reacting to data breach or any other information security incidents:

    Upon discovering any data breach or any other information security incident, staff should report this immediately at :

     

    Data Science Strategist and IT System Administrators responsible to maintain a register of reported incidents which shall include any investigation, action to be taken and prevention timeline.

Responsibility

The IT Policy shall be implemented by the IT Administrator to maintain the above quality management systems throughout the Skylink network.

Compliance and Review

The IT Administrator  is responsible for establishing, overseeing, and assessing achievement against measurable objectives in relation to goals set out in this policy.

The IT Department is responsible for all other objectives and initiatives set out in this policy.

Infringement of this Policy

Skylink network has a long-standing commitment to conduct our business in compliance with all applicable local and international laws and regulations and in accordance with the highest ethical business principles and any violations of the policy will lead to disciplinary action up to and including dismissal of personnel/contract cancellation.

Further Information

For further information, contact with the Human Resources Department or Compliance Administrator