Page 1 of 1

Information Transfer Policy

1. Purpose

This policy provides direction to maintain the security of information transferred within the organization or information transferred externally. Formal transfer policies, procedures and controls shall be in place to protect the transfer of information through the use of all types of communication facilities.

2. Scope and Applicability

This Policy and Procedures apply to all the transfer of information across the applications, personnel, systems and facilities of

3. Execution Responsibilities

The tech team, Information Security Manager (ISM), and (CTO) are responsible for the execution of various procedures relating to the information transfer policy included in this document

4. Information Transfer Policy

4.1. Procedures to prevent interception, copying, altering, misrouting, or destruction of transmitted information should be set up.

4.2. Processes to detect and protect malware from electronic communications which can be transmitted

4.3. Processes should be in place to protect sensitive information in the form of an attachment

4.4. Guidelines or rules should be set up specifying the appropriate use of communication facilities

4.5. Encryption techniques should be used as detailed in the Encryption policy to protect sensitive information and ensure confidentiality, integrity, and authenticity

4.6. All guidelines, procedures, and processes are to be in line with national legislation and regulation for all business correspondence including messages

4.7. Employees are advised to take all safety precautions in the transfer of information and not to disclose personal details

4.8. Sensitive information should not be left on answering machines

4.9. Staff should be trained on the use of fax machines and services safeguarding against unauthorized access for message retrieval

5. Guidelines for Implementation

5.1. Agreements shall address the secure transfer of business information between the organization and external parties.

5.2. Process in place to ensure traceability of information transfer and non-repudiation

5.3. Information involved in electronic messaging shall be appropriately protected.

5.4. Standards of courier identification

5.5. In the event of a data security incident, ensure staff refer to the agreed labeling system to identify information criticality and sensitivity

5.6. Ensure processes are in place for software and information recording and handling

5.7. Maintain a custody chain for the transmission of information

5.8. Ensure appropriate levels of control as detailed in the User Access controls are adhered to

5.9. Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.

5.10. Do you have guidelines for Information Transfer?

6. Exceptions

Exceptions shall not be universal but shall be agreed on a case-to-case basis, upon official request made by the information owner. These may arise, for example, because of local circumstances, conditions or legal reasons existing at any point of time.

7. Disclaimer

7.1. reserve all rights and are the exclusive owner of all intellectual property rights over this Policy document. This document shall not, either in part or in full, be reproduced, published, copied, displayed, distributed, transferred, or stored in any media (such as hard disks, USB Drives, Pen Drives, Memory Cards, CDS, DVDs), and/or captured or transmitted through by any means (such as electronic, digital, mechanical, photocopying, recordings, video and film or photographs and otherwise) by any person without prior consent from the ISM. This Policy and procedure document is available with ISM and/or any other forum as decided by the management of . Anything not specifically stated in this Policy and procedure document shall not be considered as implied in any manner.

For any clarifications related to this Compliance Policy and procedure document with respect to its interpretation, applicability, and implementation, please write to the ISMS team. At dpo@.com

8. Enforcement

8.1. This policy and procedure is applicable to all the employees of the company who have access to and use the information assets and IT assets as listed in the Information Asset register which has been created for

8.2. Anyone found to have violated this policy will be subject to a process that will determine if the violation is just a process non-compliance issue that requires addressing or also includes ethical violations In the event of only the former, non-compliance could be issued by an internal auditor which would require corrective/preventive actions.

8.3. In the event of the latter, the ethical/regulatory concern process will be invoked to decide whether an ethical/security violation has occurred and to decide on appropriate disciplinary actions as per the Disciplinary procedure of

8.4. Management’s interpretation of the clauses in this procedure shall be final and binding. Management reserves the right to alter or amend any clause in this document at any time as per its discretion.