Introduction
At Rexon Cyber, protecting client and company information is fundamental to everything we do. This Information Security Policy defines our commitment to maintaining the confidentiality, integrity, and availability of all data handled within our operations.
We align our security practices with internationally recognised frameworks, including the NIST Cybersecurity Framework (CSF) and ISO/IEC 27001.
Scope
This policy applies to:
- All employees, contractors, and third parties with authorised access to Rexon systems.
- All information assets managed, processed, or stored by Rexon, including cloud services, physical devices, and client data.
Our Commitments
Rexon Consulting Ltd is committed to:
- Safeguarding client information against unauthorised access, disclosure, alteration, or destruction.
- Maintaining secure systems and processes that protect data throughout its lifecycle.
- Ensuring employees understand their responsibilities through training and awareness.
- Embedding security into every project, product, and partnership.
Security Governance
- The Board of Directors has ultimate responsibility for information security oversight.
- The Information Security Lead manages day-to-day security operations, policies, and incident coordination.
- All staff are responsible for safeguarding data and reporting potential issues immediately.
Core Security Controls
- Access Control: Principle of least privilege, strong password and MFA enforcement.
- Data Protection: Encryption in transit and at rest; secure data disposal.
- Network Security: Firewalls, intrusion detection, and continuous monitoring.
- Asset Management: Inventory and classification of all assets.
- Incident Response: Defined escalation, containment, and recovery procedures.
- Vulnerability Management: Regular assessments and patch management.
- Business Continuity: Resilient infrastructure and tested recovery plans.
Employee Responsibilities
- Use company devices and systems responsibly.
- Protect credentials and sensitive information.
- Follow security guidance, report phishing or suspicious activity.
- Participate in annual security awareness training.
Third-Party Security
Suppliers must demonstrate robust security controls and sign a Data Processing or Confidentiality Agreement before handling Rexon or client data.
Incident Management
Any suspected or actual security incident must be reported immediately to [email protected].
All incidents are logged, investigated, and reviewed by the Information Security Lead.
Compliance
Non-compliance with this policy may result in disciplinary or contractual action.
This policy is reviewed annually or following significant organisational or technological change.
Effective Date: October 2025
Next Review: October 2026