Data Classification and Security Policy

1. Introduction

The Data Classification and Security Policy of Igile Technologies India Pvt Ltd defines the framework for classifying and handling data within the organization. This policy ensures that all data is protected against unauthorized access, disclosure, alteration, and destruction, while maintaining its confidentiality, integrity, and availability. The policy applies to all employees, contractors, consultants, temporary staff, and other workers at Igile Technologies who have access to or manage company data.

2. Purpose

The purpose of this policy is to establish a standard approach for the classification of data, ensuring that all data types are handled appropriately based on their sensitivity, value, and criticality to Igile Technologies. It also outlines the security measures required to protect data across its lifecycle, from creation to disposal.

3. Scope

This policy applies to all data owned, processed, or managed by Igile Technologies, including but not limited to electronic data, printed materials, and other data formats. It covers all business functions and applies to all employees, contractors, and third-party vendors.

4. Data Classification

Data classification is a process of categorizing data based on its sensitivity and the impact it may have if compromised. Igile Technologies classifies data into the following categories:

4.1. Classification Levels

• Confidential: Data that is highly sensitive, and access should be strictly controlled. Unauthorized access or disclosure could result in severe financial, legal, or reputational damage. Examples include customer personal data, financial information, and proprietary business information.
  Note: Any unauthorized disclosure or loss of Confidential data must be reported immediately to the IGILE Technologies Service Desk via info@igile.in.
• Internal Use: Data that is intended for use within Igile Technologies and is not to be disclosed externally without proper authorization. Unauthorized access or disclosure may result in moderate harm.
• Public: Data that is approved for public release. Disclosure of this data does not pose a risk to Igile Technologies.
• Restricted Use: Data that should be used only when no alternative exists and must be carefully protected. Unauthorized disclosure, unauthorized modification, or loss of Restricted Use data could result in significant harm to Igile Technologies.
  Note: Any unauthorized disclosure, unauthorized modification, or loss of Restricted Use data must be reported immediately to the IGILE Technologies Service Desk via info@igile.in.

5. Data Handling Requirements

Each classification level has specific handling requirements to ensure data security and compliance with regulatory requirements.

5.1. Confidential Data Handling

• Encryption must be used to protect data at rest and in transit.
• Access should be restricted to authorized personnel only.
• Data must not be stored on personal devices or transmitted over insecure channels.
• Physical access to confidential data must be controlled and monitored.
• Reporting: Any unauthorized disclosure or loss must be reported to the IGILE Technologies Service Desk via info@igile.in.

5.2. Internal Use Data Handling

• Internal data should be accessible only to employees and contractors with a legitimate business need.
• Data should not be shared externally unless authorized by management.
• Data should be stored in secure locations, and devices must be password protected.

5.3. Public Data Handling

• Public data can be freely shared and distributed.
• Data must be verified to be classified as public before dissemination.

5.4. Restricted Use Data Handling

• Restricted Use data should be used only when no alternative exists.
• Data must be carefully protected and access restricted to authorized personnel only.
• Reporting: Any unauthorized disclosure, unauthorized modification, or loss of Restricted Use data must be reported to the IGILE Technologies Service Desk via info@igile.in.

6. Data Access Control

Access to data should be controlled based on the principle of least privilege. Employees and contractors should have access only to the data necessary for their job functions.

7. Data Retention and Disposal

Data must be retained in accordance with Igile Technologies' data retention policy. Upon the expiration of the retention period, data should be disposed of securely to prevent unauthorized access or disclosure.

8. Compliance and Monitoring

Compliance with this policy will be monitored through regular audits and assessments. Employees found in violation of this policy may be subject to disciplinary action, up to and including termination.

9. Review and Update

This policy will be reviewed annually or as needed to ensure its effectiveness and compliance with applicable laws and regulations. Updates to the policy will be communicated to all employees.

10. Approval

This policy has been reviewed and approved by the senior management of Igile Technologies India Pvt Ltd.