Good privacy practices  are a key part of corporate governance and accountability.

 

One of today’s key business imperatives is maintaining the privacy of personal information. As business systems and processes become increasingly complex and sophisticated, organizations are collecting growing amounts of personal information. As a result, personal information is vulnerable to a variety of risks, including loss, misuse, unauthorized access, and unauthorized disclosure.

 

The Privacy Principles are essential to the proper protection and management of personal information. They are based on internationally known fair information practices included in many privacy laws and regulations of various jurisdictions

around the world and recognized good privacy practices.

 

We are expected to strike a balance between the proper collection and use of our customers’ personal information as individuals expect their privacy to be respected and their personal information to be protected by the organizations with which they do business.  Customers are no longer willing to overlook an organization’s failure to protect their privacy.

 

We must ensure that we provide notice about our privacy policies and

procedures and identify the purposes for which personal information is collected,

used, retained, and disclosed

 

We must ensure that we have a documented process in place ensuring

that personal information is collected, used, retained, disclosed, and disposed of in conformity with applicable privacy and data protection legislation in the jurisdictions in which we operate, and that we will obey and uphold those laws

 

We must ensure that personal data will never be sold, lent or leased to

third parties to be used in direct marketing via email, direct mail, telephone and

other methods of communication.

​

We must ensure that we have addressed the following generally accepted Privacy Principles as requested by the FAIM Quality Standard:

- Management:

We define, document, communicate, and assign accountability for our privacy policies and procedures.

- Notice:

We provide notice about our privacy policies and procedures and identify the purposes for which personal information is collected, used, retained, and disclosed.

- Choice and consent:

We describe the choices available to the individual and obtain implicit or explicit consent with respect to the collection, use, and disclosure of personal information.

- Collection:

We collect personal information only for the purposes identified in the notice.

- Use, retention, and disposal:

We limit the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent.

We retain personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.

- Access:

We provide individuals with access to their personal information for review and update.

 

- Disclosure to third parties:

We disclose personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.

 

- Security for privacy:

We protect personal information against unauthorized access.

 

- Quality:

We maintain accurate, complete, and relevant personal information for the purposes identified in the notice.

 

- Monitoring and enforcement:

We monitor compliance with its privacy policies and procedures and have procedures to address privacy related complaints and disputes.

​

​

​

Environmental policy

 

 

MISSION STATEMENT

 

Interdean is a professional organisation dedicated to providing world-class service based on our core values of ethics, reliability and consistency.

 

Interdean is an environmentally responsible employer. The company is dedicated to minimizing its impact on the environment by exercising its control and influence over the various aspects of its business.

Interdean is committed to conducting its activities to reflect best environmental practice, working to reduce waste, prevent pollution, and limit the consumption of natural resources.

 

Understanding Our Impact:

Interdean aims to understand the effect it has on the environment. Where possible Interdean will quantify this, involving specialist external partners when required.

 

Management & Control:

Interdean maintains clear and tangible plans, allocating resources and responsibilities in order to achieve targets.

 

Targeted Reductions:

Interdean sets meaningful targets to continually improve on environmental performance and the environmental management system. Targets must be SMART - Specific, Measurable, Achievable, Relevant and Timed.

 

Commitments:

 Interdean will comply with all relevant environmental legislation, the company’s programmes and targets.

Interdean will maintain a framework to set, implement and review environmental objectives which will enable the company to measure and improve its environmental performance.

 Interdean will apply best practices to ensure the prevention of pollution.

Interdean will take positive action to identify, manage and reduce carbon emissions.

Interdean will purchase from sustainable sources whenever possible and buy recycled products where quality is not compromised and environmental impact is not increased.

​

Interdean will actively promote the “reduce, re-use, recycle” message both internally, and to customers and suppliers.

 

Involvement:

Interdean realizes that the success of its environmental policy requires the involvement including staff and the backing of senior management, in order to maximize the possibility of change.

Interdean will influence and support staff to commit to this process, and we

encourage our suppliers and subcontractors to adopt the same responsible behaviors.

Interdean will assist clients and customers to reduce the environmental impact of their move.

 

We must ensure that we comply with all relevant local environmental legislation.

​

​

Corporate Social responsibility

 

Respect is Our Corporate Responsibility Brand!

 

We are encouraged that customers, staff and other stakeholders are showing keen interest in the sustainability efforts of the company. After many years of investment and embedding sustainability into the company culture, we are well placed to meet and exceed customer expectations on Corporate Social Responsibility (CSR). Our CSR strategy contains five prioritized areas:

 

Ethics and Behavior

Binding guidelines with the aim of ensuring that all employees perform their duties in accordance with the company’s business ethics.

Supplier Standards

Ethical standards that suppliers must follow. Interdean will ensure that these standards are, at a minimum, in compliance with the UN Global Compact.

Health and Safety

Ensure a healthy working environment for all employees

Environment

Assume responsibility for reducing the environmental footprint.

Anti-Corruption

Maintain a zero tolerance approach to anti-corruption in all its forms.

Governance Structure

CSR is an integral part of daily business operations and decision making at the Interdean company. The governance structure is led by a sustainability team who aligns sustainability objectives, implement programmers and sharing best practices. The team consists of members in each region with overall responsibility held by the company’s manager.

 

We must ensure we:

- Commit for dealing with healthy and safe working environment for employees; protection against harassment; anti- discrimination policy based on race, religion, disability and sexual orientation.

- Legal, ethical, honest and professional relationships with customers,

employees, vendors and suppliers.

- Anti-trust or anti-competitive activities; especially top level commitment to free

and fair competition e.g. Agreements with potential competitors which prevents, restricts or distorts competition; exchange of sensitive commercial data regarding prices or quantities (including sales, market share, territories or customers).

 

- Compliance with applicable laws, rules and regulations.

- Escalation and corrective actions process.

 

Will not engage or participate in any way, in anti-competitive behavior or

infringement of competition laws including but not limited to price-fixing.

Will maintain the highest level of legal, ethical, honest and professional

relationships with clients and Transferees, employees, and suppliers.

Will not discriminate on the basis of race, religion, disability, age, sexual orientation or gender.

Will remain alert to any incident involving the smuggling of drugs or any other illegal substances, or any incident of human trafficking – and alert the police or other appropriate authorities as soon as such an incident is discovered.

Will comply with applicable legislation relating to the recruitment and employment of our staff.

Will ensure that all operative crew personnel assigned to work at or in a

Transferee’s private residence are known to them and (where legally possible) are

vetted by means of an approved Criminal Background Check (police record heck);

such background check(s) to be retained on record by the supplier.

Will ensure that all applicable personnel, whether direct employees or contractors are legally entitled to work in the country in which they are employed.

Will ensure that all personnel, whether direct employees or contractors are

employed through their own free will with no coercion from other parties.

Will ensure that all personnel, whether direct employees or contractors are aged at least 18 years or over.

Will pay at least the national minimum wage.

Will ensure that all personnel, whether direct employees or contractors are able to work free from harassment of any kind.

​

​

Supply Chain Management Policy

 

We confirm that we meet minimum requirements:

 

Perform selection and approval of Service Providers.

 

Maintain a list of approved Service Providers, which should be readily available to staff.

 

Provide written instructions in advance to the service provider and / or contractor, including billing instructions.

 

Control quality performance in our Supply Chain. Control Data Protection (privacy) in our Supply Chain. Mitigate the risk of Bribery & Corruption in our Supply Chain.

 

Based on these and other standards, Interdean has developed a Supplier Code of Conduct that is applicable throughout our organization and we expect everyone with whom Interdean has commercial dealings to support these basic principles:

The supplier shall comply with all laws applicable to its business. This especially applies to:

 

Improper Payments/Bribery: The supplier will apply a zero-tolerance approach with respect to corruption, extortion and bribery in accordance with principle 10 of the UN Global Compact.

The supplier shall comply with international anti-bribery standards as stated in the United Nations Global Compact www.unglobalcompact.org as well as local anti-corruption and bribery laws. In particular, the supplier may not offer services, gifts or benefits to Interdean employees in order to influence employee conduct in representing Interdean.

Interdean does not tolerate and will not participate in any bribery directly or through intermediaries. The supplier must report incidents, risks and issues which deviate from the policy occurring on any service provided to Interdean.

 

Child and Forced Labor: The supplier must not employ children under the age of 18. If national laws or regulations allow children between the ages of 13 and 15 to perform light work, such work is not permitted in any case if it would hinder a minor from the completion of compulsory schooling or training, or if the employment would be harmful to their health or development. The supplier shall make no use of forced or compulsory labor.

​

Compensation and Working Hours: The supplier shall comply with the respective national laws and regulations regarding working hours, wages and benefits.

Discrimination: The supplier does not discriminate on the basis of race, religion, disability, age, sexual orientation or gender.

 

Health & Safety: We expect our suppliers to strive to implement the standards of occupational health and safety at a high level.

 

Environment: The supplier shall comply with all applicable environmental laws, regulations and standards as well as implement an effective system to identify and eliminate potential hazards to the environment. We also expect our suppliers to take environmental protection into account in their own operations by setting protection goals for themselves and achieving them

 

Business Partner Dialogue: The supplier shall communicate the principles stated in the Code of Conduct and detailed above to its subcontractors and other business partners who are involved in supplying the products and services described in the main contract.

 

Compliance with the Supplier Code of Conduct: Interdean reserves the right, upon reasonable notice to check compliance with the requirements of the Supplier Code of Conduct. Santa Fe encourages its suppliers to implement their own binding guidelines for ethical behavior.

 

Any breach of the obligations stipulated in this Supplier Code of Conduct is considered a material breach of contract by the supplier.

​

​

Health & Safety including fire prevention

 

We comply with all applicable Health & Safety laws in all jurisdictions in which we

operate.

Have a documented Health & Safety policy covering all aspects of our normal work to ensure adequate control of health and safety risks arising from work activities.

Have nominated a senior manager to have responsibility for the enforcement and

regular review of this policy.

 

Comply with all relevant Fire Safety legislation.

 

Have a documented Fire Safety policy.

 

Have nominated a fulltime employee Fire Safety officer.

 

Maintain and replace as necessary all firefighting equipment, fire alarm and fire

preventions systems.

 

Conduct and record regular Fire Drill procedures for all employees.

 

Ensure that adequate Building escape routes are identified, clearly signed, kept

clear of obstruction and that employees are made aware of them through regular

drills.

​

​

Licensing

 

We have all appropriate licenses required to operate our business in the jurisdiction in which we are situated.

 

We confirm that all vehicles which we operate or use are correctly licensed for the applicable purpose.

 

We ensure that all vehicles which we operate or use are maintained for safety and road worthiness, and periodically safety and roadworthiness tested according to local regulatory requirements.

​

​

New Risk management Policy

 

The purpose of this Risk Management Policy is to establish a systematic approach for identifying, analyzing, evaluating, treating, and monitoring risks associated with the operations of Interdean Ltd a moving company. This policy aims to ensure the effective management of risks to protect the company, its employees, clients, and stakeholders.

This policy applies to all employees, contractors, and stakeholders involved in the activities of Interdean Ltd

Risk Identification:

Operational Risks:

Damage to goods during transportation.

Accidents and injuries during loading/unloading processes.

Delays in transportation causing scheduling disruptions.

Financial Risks:

Budget overruns due to unforeseen expenses.

Fluctuations in fuel prices affecting operational costs.

Economic downturn affecting demand for moving services.

Compliance Risks:

Failure to comply with licensing requirements.

Insufficient insurance coverage.

Non-compliance with safety and transportation regulations.

Reputation Risks:

Negative customer reviews and complaints.

Incidents during moving processes affecting the company's image.

Failure to meet customer expectations.

Technology Risks:

Cybersecurity threats, including data breaches.

System failures affecting operations and customer data.

Inadequate technology infrastructure for efficient operations.

Risk Analysis and Evaluation:

Likelihood and Impact:

Use a standardized risk matrix to assess the likelihood and impact of identified risks.

Prioritize risks based on their potential impact on the company's objectives.

Scenario Analysis:

Conduct scenario analysis to understand potential outcomes and develop mitigation strategies for high-impact events.

Consider different risk scenarios to enhance preparedness.

​

Risk Treatment:

Operational Controls:

Implement operational controls, such as proper packaging, secure loading procedures, and vehicle maintenance, to minimize the likelihood of accidents and damages.

Financial Controls:

Establish financial controls, including regular budget reviews, cost monitoring, and financial forecasting, to mitigate financial risks.

Compliance Measures:

Regularly review and update compliance measures to ensure adherence to licensing, insurance, and safety standards.

Reputation Management:

Implement customer service protocols, quality assurance measures, and communication plans to maintain a positive reputation.

Technology Safeguards:

Implement cybersecurity measures, conduct regular system audits, and invest in technology upgrades to protect against technology-related risks.

Risk Monitoring:

Regular Reviews:

Conduct regular reviews of identified risks to ensure their continued relevance and update risk assessments as needed.

Reporting:

Establish a reporting mechanism for employees to report identified risks or potential issues promptly.

Implement a culture of open communication regarding potential risks.

Continuous Improvement:

Learning from Incidents:

Analyze incidents and near-misses to identify areas for improvement in risk management processes.

Implement corrective actions based on lessons learned.

Training and Awareness:

Provide ongoing training and awareness programs to ensure all employees are knowledgeable about risk management practices.

Review and Updates:

This policy will be reviewed annually or as needed to ensure its effectiveness and relevance in light of changing business environments and risk landscapes. Updates will be made to reflect any significant changes in operations or industry best practices.

​

Risk Categories:
Internal Risks:
Operational Risks:
Accidents during loading/unloading.
Vehicle breakdowns and delays.
Inadequate staff training and adherence to safety protocols.
Financial Risks:
Budget overruns.
Fluctuations in fuel prices.
Economic downturn affecting demand.
Compliance Risks:
Non-compliance with licensing requirements.
Insufficient insurance coverage.
Regulatory changes impacting operations.
Human Resources Risks:
Employee turnover affecting service quality.
Insufficient training and development programs.
Labor disputes impacting operations.

External Risks:
Market Risks:
Business Continuity Risks:
Disruptions to supply chains affecting the availability of moving supplies.
Market competition impacting the company's ability to secure contracts.
Changes in customer preferences and demand.
Economic Risks:
Economic downturn impacting moving volumes.
Fluctuations in currency exchange rates.
Legal and Regulatory Risks:
Changes in transportation regulations.
Legal actions against the company.
Compliance with environmental standards.
Reputation Risks:
Negative customer reviews and public relations incidents.
Damage to the company's brand image.
Risk Identification and Assessment:
Internal Risk Identification:
Conduct regular internal risk assessments involving all departments.
Encourage employees to report internal risks through designated channels.
External Risk Identification:

Business Continuity Planning:

Natural Disasters: Identify and assess risks associated with natural disasters such as earthquakes, floods, or hurricanes, which may disrupt operations.

Supply Chain Disruptions: Evaluate the vulnerability of the supply chain to external factors, including disruptions in the availability of moving supplies.

Monitor industry trends, market conditions, and regulatory changes.

Participate in industry forums to stay informed about external risks.

 

Risk Impact and Likelihood:

Use a standardized risk matrix to assess the impact and likelihood of identified risks.

Prioritize risks based on potential consequences and likelihood.

 

Risk Mitigation and Treatment:

Operational Controls:

Implement operational controls to reduce the likelihood of accidents, delays, and service disruptions.

Conduct regular safety drills and training programs.

Financial Controls:

Establish financial controls, including budget monitoring and cost containment measures.

Diversify fuel sources to mitigate the impact of price fluctuations.

Compliance Measures:

Regularly review and update compliance measures to align with changing regulations.

Invest in technology solutions to enhance compliance tracking.

Market Diversification:

Explore new markets and service areas to reduce dependence on a specific region or customer segment.

Reputation Management:

Implement customer satisfaction surveys and feedback mechanisms.

Develop and communicate a crisis communication plan.

Business Continuity Planning:

Establish a comprehensive business continuity plan that addresses potential disruptions to the supply chain, such as alternative suppliers and storage facilities.

Conduct regular drills to test the effectiveness of the business continuity plan.

Risk Monitoring and Reporting:

Regular Reviews:

Conduct regular reviews of identified risks to ensure their continued relevance and update risk assessments as needed.

Monitor internal and external risk landscape changes.

​

Reporting Mechanism:

Establish a reporting mechanism for employees to report identified risks or potential issues promptly.

Implement regular risk reporting to senior management.

Continuous Improvement:

Learning from Incidents:

Analyze incidents and near-misses to identify areas for improvement in risk management processes.

Implement corrective actions based on lessons learned.

 

Pandemic Risks:

Business Continuity Risks:

Pandemic Outbreak: Assess the risk of a pandemic affecting the normal operations of the moving company, including disruptions in the availability of staff, supplies, and potential changes in customer demand.

Government Restrictions: Evaluate the impact of government-imposed restrictions, lockdowns, or travel bans on the ability to conduct moving services.

Risk Identification and Assessment:

External Risk Identification:

Pandemic Preparedness:

Regularly monitor global and local health organizations for information on potential pandemics.

Stay informed about emerging infectious diseases and their potential impact on the company's operations.

Risk Impact and Likelihood:

Pandemic Risk Assessment:

Assess the potential impact of a pandemic on the workforce, supply chain, and customer demand.

Evaluate the likelihood of government-imposed restrictions affecting business operations.

Risk Mitigation and Treatment:

Operational Controls:

Pandemic Response Plan:

Develop and implement a comprehensive pandemic response plan outlining measures to protect employees and customers.

Establish protocols for remote work where feasible and safe.

​

Supply Chain Resilience:

Supplier Communication:

Maintain open communication with key suppliers to assess their pandemic preparedness and ensure the continuity of the supply chain.

Diversify suppliers where possible to minimize dependencies.

Customer Communication:

Communication Strategy:

Develop a communication strategy to keep customers informed about any potential service disruptions during a pandemic.

Establish clear communication channels for updates and inquiries.

Employee Support:

Health and Safety Measures:

Implement health and safety measures in line with public health guidelines to protect employees during a pandemic.

Provide necessary resources for employees to work safely, including personal protective equipment (PPE) and sanitization supplies.

Risk Monitoring and Reporting:

Regular Reviews:

Pandemic Preparedness Reviews:

Conduct regular reviews of the pandemic response plan to ensure its effectiveness and relevance.

Monitor updates from health authorities to stay informed about the evolving situation.

Reporting Mechanism:

Incident Reporting:

Establish a reporting mechanism for employees to report potential symptoms, exposures, or concerns related to a pandemic.

Implement regular reporting to senior management on the status of pandemic preparedness measures.

Continuous Improvement:

Learning from Incidents:

Pandemic Incident Analysis:

Analyze incidents or near-misses related to pandemic threats to identify areas for improvement in the response plan.

Implement corrective actions based on lessons learned.

Training and Awareness:

Employee Training:

Provide ongoing training and awareness programs to ensure all employees are knowledgeable about pandemic preparedness measures.

Conduct periodic drills and simulations to test the effectiveness of the response plan.

​

​

CYBER SECURITY MANAGEMENT POLICY

 

A cybersecurity management policy is a critical component of an organization's overall cybersecurity strategy. It serves as a set of guidelines and principles to ensure the confidentiality, integrity, and availability of information and information systems.

 

1. Risk Management

This Risk Management Policy establishes the framework, processes, and responsibilities for identifying, assessing, and managing cybersecurity risks within Interdean Ltd

One of the most common causes of data breaches is misconfigured controls, such as a database

that’s not properly secured or a software update that hasn’t been installed.

Common risks

User awareness: Social engineering / Phishing

Password management: Weak password policies / Privileged user abuse / Lack of multi-factor authentication / Bad password policy governance

Network security: Lack of network segmentation and segregation / Shadow IT networks / Network snooping traffic / Lack of network security baselines

Physical security: Backups lost or stolen / Unauthorized access to buildings / Theft of computer equipment / Unprotected network access points

Governance & strategy: Insufficient budget and resources / Applicability of security strategy to the entire organization / Inefficient operating model for cyber security / Lack of procedures and policies

Patch management: Outdated operating systems / Outdated software / Shadow IT systems

Risk Management Framework, Assessment, Risk Mitigation and Treatment

Establish a continuous process for identifying and documenting cybersecurity risks associated with information systems and data. Encourage all employees to report potential risks through defined channels.Conduct regular risk assessments to evaluate the impact and likelihood of identified risks. Include specific measures, controls, or actions to mitigate or accept identified risks.

Security Controls Implementation: Implement and maintain security controls to mitigate identified risks. Ensure that controls are aligned with industry best practices and compliance requirements.

Establish a clear communication plan for informing management about identified risks and the status of risk mitigation efforts. Provide regular updates to executive leadership and relevant teams. Maintain a centralized repository for documenting risk assessments, treatment plans, and mitigation activities. Retain records for a specified period to facilitate audits and compliance checks.

Implement continuous monitoring processes to track changes in the risk landscape. Regularly review and update risk assessments based on changes in the organization's environment.

Integrate risk management processes with other organizational processes, such as strategic planning, project management, and change management.

Ensure that risk management is embedded in the decision-making processes of the organization.

 Interdean Ltd provides training to employees on risk management principles and practices.

​

2. Secure Configuration

This Secure Configuration Policy defines the principles and practices for securely configuring and maintaining information systems to protect the confidentiality, integrity, and availability of Interdean Ltd's assets.

Establish and maintain a baseline configuration standard for all information systems. The baseline will include approved settings for operating systems, applications, and network devices.

Implement a formalized change management process to assess and authorize changes to system configurations.

Apply security best practices for hardening operating systems, including removing unnecessary services, disabling unused accounts, and implementing strong password policies.

Configure applications securely by applying vendor-recommended security settings. Disable unnecessary features and services to reduce the attack surface.

Implement and maintain firewall rules to control inbound and outbound traffic.

Configure IDS/IPS to monitor and block suspicious network activity. Regularly update signature databases and fine-tune rules based on emerging threats.

Implement encryption mechanisms for sensitive data in transit and at rest.

Ensure that encryption protocols and algorithms comply with industry standards.

Regularly update certificates and keys, and revoke compromised or expired certificates promptly.

Configure endpoints securely, including workstations, laptops, and mobile devices.

Enforce endpoint security policies, such as antivirus, anti-malware, and device encryption.

Secure server configurations by applying industry best practices and vendor recommendations. Disable unnecessary services and features on servers.

Establish a patch management process to regularly update and apply security patches to operating systems, applications, and firmware.

Implement continuous monitoring of configuration settings to detect deviations from the baseline. Regularly conduct audits and assessments to ensure compliance with secure configuration standards.

Maintain documentation that includes configuration standards, change management records, and audit findings. Retain records for a specified period to facilitate audits and compliance checks.

 

 

3. Home and Mobile Working

Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure.

Connect to a Wi-Fi network you know and trust / Connect securely with the help of a VPN / Only use applications approved by your employer

Always verify the sender and the source / Do not just click on any link / Never just enter your login credentials /

This Home and Mobile Working Policy establishes the principles and guidelines for secure remote work to ensure the confidentiality, integrity, and availability of Interdean Ltd’s information and information systems.

Employees are authorized to use only company-approved devices for remote work.Personal devices must meet minimum security requirements outlined in the organization's device security policy.

Public Wi-Fi networks should be avoided, and employees are encouraged to use secured and trusted networks.

Multi-factor authentication (MFA) is mandatory for accessing organizational systems and data remotely. Access to specific resources will be based on job roles and granted on a need-to-know basis.

Employees must ensure that all data is encrypted during transmission and storage. Company-approved encryption mechanisms must be used for sensitive information.

Employees should use company-approved communication tools for work-related discussions. Avoid discussing sensitive information in public spaces or over unsecured communication channels.

Ensure the physical security of devices used for remote work, including laptops and mobile devices. Report any lost or stolen devices immediately to the management.

Keep all software, including operating systems and applications, up-to-date with the latest security patches. Regularly check for and apply updates to maintain the security of remote devices.

Employees must promptly report any security incidents, including lost devices or suspicious activities, to the management.

Remote workspaces should be free from distractions and provide a secure environment for handling sensitive information. Employees should lock their devices when not in use and implement strong passwords or biometric authentication.

Regularly back up work-related data to the organization's approved backup systems. Follow established data backup and recovery procedures.

Remote work must comply with all relevant organizational policies and industry regulations. Employees are responsible for familiarizing themselves with and adhering to remote work policies.

 

 

4. Incident Management

This Incident Management Policy establishes the framework, procedures, and responsibilities for identifying, reporting, and responding to security incidents within Interdean Ltd.

Incident management in cybersecurity is a systematic approach to identifying, managing, and resolving security incidents. The goal is to minimize damage, reduce recovery time, and mitigate the impact of security incidents on an organization. Here are key components and best practices for incident management in cybersecurity:

Common risks: BCP not communicated / Outdated BCP / Confusion throughout an incident / Critical processes not evaluated / Missing steps for efficient recovery / Decencies on third parties not known / RPO/RTO not aligned with business / Incorrect back-up frequency / Failure to recover back-up timely / Missed dependencies

Incident Detection: The organization will employ advanced threat detection mechanisms, including intrusion detection systems and security information and event management solutions.

Users are encouraged to report any suspicious activities or potential security incidents promptly.

Incident Reporting: Employees will report security incidents to the designated incident response   team using the incident reporting procedures.

Incident reports should include details such as date, time, location, and a brief description of the incident.

Incident Response Team (IRT) / Management & Incident response plan: An incident response team (IRT) will be established, comprising individuals with specific roles and responsibilities. The IRT will include representatives from IT, legal, communications, and relevant business units.

A comprehensive incident response plan will be developed, outlining step-by-step procedures for responding to security incidents.

Communication Plan: A communication plan will define the process for internal and external communication during a security incident.

Communication channels, management and the timing of notifications will be clearly outlined.

Containment and Eradication: The IRT will take immediate steps to contain the incident to prevent further damage. Once contained, efforts will focus on identifying and eradicating the root cause of the incident.

Evidence Gathering and Forensic Analysis: Procedures will be in place for preserving and collecting digital evidence related to the incident. Forensic analysis will be conducted to understand the tactics, techniques, and procedures (TTPs) used by the attackers.

Notification and Reporting: The organization will comply with legal and regulatory requirements for incident notification. Relevant stakeholders, including customers, partners, and law enforcement, will be notified as required.

Learning and Improvement: After the incident is resolved, a post-incident review will be conducted to analyze the response and identify areas for improvement. The incident response plan will be updated based on lessons learned.

 

 

5. Malware Prevention

Malware prevention is a critical aspect of cybersecurity to protect systems and networks from malicious software. Malware, short for malicious software, includes various types of harmful software such as viruses, worms, Trojans, ransomware, spyware, and adware. Here are essential strategies for preventing malware infections:

Antivirus Software: Install reputable antivirus software on all systems and keep it updated regularly. Schedule regular scans to detect and remove known malware signatures.

Endpoint Protection: Implement endpoint protection solutions that offer advanced threat detection and prevention capabilities. Consider using endpoint detection and response solutions for enhanced visibility and response capabilities.

Regular Software Updates: Keep operating systems, applications, and software up-to-date with the latest security patches. Enable automatic updates to ensure timely installation of patches.

Email Security: Use email filtering and scanning solutions to detect and block malicious attachments and links. Train employees to recognize phishing attempts and avoid clicking on suspicious emails.

Employ web-filtering solutions to block access to malicious websites and prevent users from downloading malicious content. Regularly update and maintain blacklists of known malicious domains.

Use firewalls and intrusion detection/prevention systems to monitor and filter incoming and outgoing network traffic. Segment networks to limit the spread of malware in case of an infection.

Educate users about safe online practices, such as avoiding downloading files from untrusted sources and being cautious with email attachments.

Conduct regular cybersecurity awareness training to keep users informed about the latest threats.

Implement application whitelisting to restrict the execution of unauthorized applications. Allow only approved and necessary applications to run on systems.

Disable auto run features for USB drives to prevent automatic execution of malicious code. Educate users about the risks of using untrusted USB devices.

Employ behavioral analysis tools to detect and block malware based on anomalous behavior.

Configure systems securely by disabling unnecessary services and features. Follow security best practices for server and workstation configurations.

Regularly back up critical data and ensure backups are stored securely.

Test backup and recovery procedures to ensure quick recovery in the event of a ransomware attack.

Implement security measures for mobile devices, such as smartphones and tablets, including the use of mobile device management (MDM) solutions.

Adopt a zero-trust security model that verifies every user and device attempting to access the network, regardless of their location. Implement least privilege access principles to limit user and system permissions.

Implement continuous monitoring for early detection of malware activities.

 

 

6. Managing User Access

Managing user access is a crucial aspect of cybersecurity, ensuring that individuals within an organization have appropriate permissions to access resources while preventing unauthorized access. Effective access management helps mitigate the risk of security breaches, data leaks, and insider threats

This Access Management Policy outlines the principles, guidelines, and procedures for managing user access to information systems and resources within Interdean Ltd.

Access to information systems will be provisioned based on the principle of least privilege.

Automated processes will be implemented for provisioning new user accounts and assigning appropriate access based on job roles and responsibilities.

imely de-provisioning processes will be in place for revoking access when users leave the organization or change roles. An exit checklist will be used to ensure the removal of access privileges during employee departures.

Roles will be defined based on job functions, and access permissions will be assigned to roles.

Users will be granted the minimum level of access necessary to perform their job functions.

Regular access reviews will be conducted to validate that users have only the necessary permissions.

Multi-factor authentication (MFA) will be enforced for accessing sensitive systems, applications, and data.

Centralized identity management systems will be used to maintain a unified view of user identities and access permissions.

Employees will receive training on security best practices, emphasizing the protection of login credentials and reporting suspicious activity.

A security-aware culture will be fostered within the organization.

A formalized access request process will be established for users to request additional permissions.

Access requests will require approval from appropriate authorities before access is granted.

​

7. Monitoring

This Monitoring Policy establishes the principles and procedures for monitoring information systems, network activities, and security events within Interdean Ltd to maintain the confidentiality, integrity, and availability of data.

Monitor network traffic for unusual patterns or activities. Use intrusion detection and prevention systems (IDS/IPS) to identify and block malicious network traffic.

Collect and store logs from critical systems, applications, and network devices.

Ensure logs include relevant information for incident response and forensic analysis.

Establish log retention periods based on regulatory requirements and organizational needs. Regularly review logs to identify security incidents, policy violations, or unusual activities.

Implement automated mechanisms to detect security incidents promptly. Utilize threat intelligence feeds and anomaly detection to enhance incident detection capabilities.

Conduct regular incident response exercises to test and improve response capabilities.

Integrate vulnerability scanning tools to identify and prioritize security vulnerabilities. Monitor and track the remediation of identified vulnerabilities to reduce the attack surface.

Monitor user activities to detect unauthorized access or suspicious behavior. Implement user behavior analytics (UBA) tools to identify anomalies in user behavior.

Regularly monitor and audit information systems to ensure compliance with internal policies, industry regulations, and legal requirements.

Monitor the security activities of third-party vendors and service providers. Ensure that third parties comply with contractual security requirements.

Establish a clear reporting structure for communicating monitoring results and security incidents.

 

 

8. Network Security

This Network Security Policy establishes the principles and practices for ensuring the confidentiality, integrity, and availability of Interdean Ltd's network infrastructure and data. Implement network segmentation to isolate different network segments based on functionality and security requirements.

Implement firewalls and intrusion prevention systems (IPS) to control and monitor traffic entering and leaving the organization's network.

Enforce strong authentication mechanisms, including multi-factor authentication (MFA), for accessing network resources. Periodically review and update user access credentials.

Implement Access Control Lists to control and restrict access to network devices, servers, and critical infrastructure.

Encrypt wireless communication using Wi-Fi Protected Access (WPA) or WPA3 protocols. Disable insecure protocols and regularly update wireless security settings.

Segregate guest networks from internal networks to prevent unauthorized access. Implement captive portals and time restrictions for guest network access.

Use intrusion detection and prevention systems to identify and respond to potential security incidents.

Enable logging on network devices and servers to capture relevant security events.

Implement secure VPN connections for remote access to the organization's network. Enforce strong encryption and authentication mechanisms for VPN connections.

Establish and enforce policies for secure remote access, including guidelines for device security and authentication.

Secure network devices by changing default passwords, disabling unnecessary services, and applying security patches. Restrict physical access to network devices.

Regularly update firmware and software on network devices to address security vulnerabilities.

 

 

9. Removable Media Controls

This Removable Media Controls Policy establishes the principles and procedures for the secure use, handling, and management of removable media within Interdean Ltd

Only organization-approved removable media devices may be used.

Maintain an updated list of approved devices and regularly review for new threats or vulnerabilities. All removable media used for storing sensitive information must be encrypted using organization-approved encryption standards.

Encryption keys must be securely managed, and access must be restricted to authorized personnel.

Acceptable Use and Restrictions

Removable media should only be used for legitimate business purposes.

Prohibit the use of removable media for activities that may introduce security risks, such as downloading unauthorized software or storing sensitive data without encryption. Removable media devices should not be used on public or untrusted computers.

Maintain an inventory of all organization-approved removable media devices. Record information such as device serial numbers, encryption status, and assigned users.

Removable media devices must be issued to users on a need-to-use basis. Implement procedures for the return, inventory update, or decommissioning of devices.

Regularly update employees on emerging threats and best practices for using removable media securely.

Implement automated malware scanning on all removable media devices before allowing access to the organization's network.

Employees must report any lost or stolen removable media devices immediately. Incident response procedures should be in place to address potential data breaches.

If malware is detected on a removable media device, follow incident response procedures to isolate and remediate the affected systems.

Implement physical security measures to protect removable media devices from theft or unauthorized access. Store media in secure areas and restrict access to authorized personnel.

 

 

10. Accountability, User Education and Awareness

This Accountability, User Education, and Awareness Policy establishes the framework and responsibilities for promoting a culture of security awareness, accountability, and continuous education within Interdean Ltd.

Clearly define the responsibilities of users in safeguarding the organization's information assets.

Users are accountable for adhering to security policies, promptly reporting security incidents, and protecting their authentication credentials.

Management is accountable for providing a secure work environment, implementing security policies, and enforcing accountability measures. Management will conduct regular reviews to ensure compliance with security policies.

Develop and implement regular cybersecurity training programs for all employees. Training should cover topics such as password security, phishing awareness, and data protection.

Include cybersecurity awareness training as part of the onboarding process for new employees. Ensure that new employees are familiar with the organization's security policies and practices.

Conduct ongoing security awareness campaigns to keep employees informed about emerging threats and best practices.

Use multiple channels, such as emails, posters, and workshops, to communicate security messages.

Periodically conduct phishing simulations to test employees' ability to recognize and avoid phishing attempts. Provide immediate feedback and additional training for employees who fall victim to phishing simulations.

Encourage a culture of reporting by ensuring that employees feel comfortable reporting security incidents without fear of reprisal. Establish clear reporting channels and procedures.

Incident Response: Define and communicate the incident response procedures to be followed in the event of a security incident. Ensure that incidents are addressed promptly, and corrective actions are taken to prevent future occurrences.

Clearly communicate the consequences of non-compliance with security policies and procedures. Consequences may include disciplinary actions, loss of access privileges, or legal action depending on the severity of the violation.

Implement a system for recognizing and rewarding employees who demonstrate exemplary security practices. Acknowledge individuals and teams for their contributions to maintaining a secure environment.

           

 

Take security seriously

Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.

​

​

​

ANTI-BRIBERY AND ANTI-CORRUPTION POLICY

 

Introduction

 

This document defines our policy on the avoidance of bribery and corruption.

It will be regularly reviewed to ensure that it reflects any changes in applicable laws and developments in acceptable standards for the conduct of business.

Our company is committed to maintaining the highest ethical standards and vigorously enforces the integrity of its business practices wherever it operates throughout the world. The company will not engage in bribery or corruption. Adherence to the clear guidelines set out in this policy will ensure that the company and its employees comply with anti-bribery and anti-corruption laws and governmental guidance.

Bribes and kickbacks

The company does not take part in acts of corruption, or pay bribes or receive kickbacks either directly or indirectly. The company prohibits its employees from engaging in acts of corruption, and from paying bribes or kickbacks to, or accepting bribes or kickbacks from, public officials and private individuals such as the personnel of companies with which the company does business. It is the responsibility of all employees who are involved at any time in engaging the services of external consultants, suppliers or agents, to ensure that such individuals are made aware of the content of the company’s Anti-Bribery and Anti-Corruption policy and Fidi Anti Bribery and Anti Corruption Policy at the outset of the relationship and on a regular basis thereafter.

Facilitation payments

The company and its employees will not make facilitation payments even if such payments

are local practice or custom. The company accepts that refusal to make illicit payments may

lead to commercial delays, for example, in the processing of government papers, and that

there may be a commercial cost to the company attributable to this policy.

If company employees encounter a demand for a facilitation payment, or think they are likely

to do so, they should report the situation to their line manager without delay. Line managers

will then ensure that the CEO is informed at the earliest possible opportunity.

The company recognizes that demands for facilitation payments are often backed by a form

of extortion and that in exceptional circumstances resistance may not be feasible. In such

circumstances, the company accepts that staff will need to use their best judgement. Staff

must report any incident where they feel forced to make a facilitation payment to their line

manager at the earliest opportunity. The company will stand by employees who find themselves placed in exceptional situations provided that the employee has provided absolute transparency as to the circumstances surrounding a payment shortly after the incident has occurred.

Public officials

Bribing or corrupting a public official is a serious offence, can carry severe penalties and can

cause significant reputational damage. This policy provides detailed guidelines on gifts and

hospitality. Approval must be secured in advance in relation to gifts or benefits received from

or offered to public officials, particularly the giving of anything of value to a public official.

Gifts, hospitality and expenses

Company employees may not offer to, or accept from, third parties, gifts, hospitality, rewards,

benefits or other incentives that could affect either party’s impartiality, influence a business

decision or lead to the improper performance of an official duty. Similarly, they may not offer

or accept cash donations.

Company employees may offer and accept ‘reasonable’ and ‘proportionate’ gifts and

entertainment, such as dinner, theatre parties or sporting events. In determining what is

‘reasonable’ and ‘proportionate’, employees should consider the value of the gift or benefit, as

well as the frequency with which the same or similar gift or benefit is offered. In all cases they

must ensure that the gift or benefit is being given as an expression of goodwill and not in

expectation of a return favour (a gift designed to secure a return favour could be seen as a

bribe).

Employees must seek prior approval from senior management for all gifts or benefits received

or offered with a value of more than AED 500 prior to final acceptance. Approvals must be

given in writing, and records of gifts received, from whom and by whom, must be recorded.

If prior approval cannot be realistically obtained before the initial acceptance of a gift or

hospitality, the employee must report and seek retrospective approval, or otherwise, at the

required level as soon as possible after initial acceptance.

Personal conflicts of interest

Company employees must avoid situations or transactions in which their personal interests

could conflict or might be seen to be in conflict with the interests of the company. This

includes acting on any client information gained through their employment with the company

for personal gain; passing such information to a third party; or acting in any way that could be

construed as insider trading. Conflicts of interest can arise if individuals have a personal interest in

business dealings involving the company. Personal interest can be direct or indirect, and refers not only to personal interests but to those of family members and friends. If there is a potential for conflict, the interests of the company must take priority.

Employees must disclose any personal conflict of interest or perceived conflict to their line manager.

Charitable donations

As part of its corporate citizenship activities, the company may support local charities or

provide sponsorship, for example, to sporting or cultural events. Any such sponsorship must

be transparent and properly documented. The company will only provide donations to

organizations that serve a legitimate public purpose, and which are themselves subject to

high standards of transparency and accountability.

Political activities

The company has a policy of strict political neutrality; it does not make donations to any

political parties, organizations, or individuals engaged in politics. The company will co-operate

with governments and other official bodies in the development of policy and legislation that

may affect its legitimate business interests, or where it has specialist expertise.

Employees are entitled to their own political views and activities, but they may not use

company premises or equipment to promote those views or associate their views with those

of the company.

Business relationships

The company expects its business partners to approach issues of bribery and corruption in a

manner that is consistent with the principles set out in this policy. This requirement applies to

agents, subcontractors and joint venture partners. In cases where the company is unable to

ensure these standards, it will reconsider the business relationship.

This policy applies with particular force to commercial agents, representatives and

subcontractors. In many reported international corruption cases, agents have passed on part

of their commissions as bribes. The company prohibits such practices.

In order to maintain the highest standards of integrity, employees must ensure that:

 

• They are fully briefed on the background and reputation for integrity of agents, representatives and subcontractors before hiring them. The company will conduct due diligence enquiries to review the  integrity records of agents, representatives and subcontractors before entering a commercial

relationship with them.

• The engagement process is fully documented; and that final approval of the selection of agents,

representatives and subcontractors is made by someone other than the person selecting or managing the company’s relationship with them.

• Fees and commissions agreed will be appropriate and justifiable remuneration for

legitimate services rendered. Once agreements have been signed, the company will continue to monitor its relationships with agents, representatives and subcontractors to ensure that there are no infringements of its Anti-Bribery and Anti-Corruption policy. Contractual agreements will include

appropriate wording making it possible to withdraw from the relationship if agents, representatives or subcontractors fail to abide by this policy.

 

Suppliers and contractors

The company will ensure that the procurement procedure for appointing suppliers and

contractors is open, fair and transparent. The selection of contractors will be based on an

evaluation of professional merit, and not on personal recommendations.

The company will communicate its Anti-Bribery and Anti-Corruption policy to its suppliers and

contractors, and it will expect them to abide by the principles set out in the policy when

working on the company’s behalf. If those principles are breached, the company will reserve

the right to terminate the contract.

Synopsis

The company and its employees are:

• Prohibited from offering, promising or paying a bribe of any kind;

• Prohibited from soliciting, accepting or receiving a bribe of any kind;

• Prohibited from giving or offering anything of value to a public official;

• Required to comply with the company’s guidelines and authorization levels in relation

to the giving and receipt of gifts and hospitality;

• Prohibited from making facilitation payments.

​

​

​