Security Policies

Twelve CEO-approved policies form WiBiz's security framework. All are effective 15 April 2026 and reviewed annually. Click any policy to read it, or download the source Markdown.

#	Policy	Version	Effective	Actions
01	Information Security Policy (Master) Governance, roles, risk management, and the compliance umbrella under which every other policy operates.	v1.0	15 Apr 2026	Read·.md
02	Data Protection & Privacy Policy PDPA, GDPR, data classification, lawful bases, consent, and subject rights handling.	v1.0	15 Apr 2026	Read·.md
03	Access Control Policy Role-based access, MFA, provisioning, deprovisioning, and periodic access reviews.	v1.0	15 Apr 2026	Read·.md
04	Encryption Policy AES-256 at rest, TLS 1.2+ in transit, key management, certificate lifecycle.	v1.0	15 Apr 2026	Read·.md
05	Incident Response Plan P1–P4 severity classification, IRT roles, containment, and PDPC notification workflow.	v1.0	15 Apr 2026	Read·.md
06	Business Continuity Plan Business impact analysis, RTO/RPO targets, backup and recovery procedures, DR scenarios.	v1.0	15 Apr 2026	Read·.md
07	HR Security Policy Background screening, security training, onboarding, and offboarding controls.	v1.0	15 Apr 2026	Read·.md
08	Vendor Risk Management Policy Vendor tiers, due diligence, Data Processing Agreements, ongoing reviews, offboarding.	v1.0	15 Apr 2026	Read·.md
09	Acceptable Use Policy Device, data, social, BYOD, and prohibited-act standards for every team member.	v1.0	15 Apr 2026	Read·.md
10	Data Retention & Disposal Policy Retention schedule by data class, secure disposal, and deletion-request handling.	v1.0	15 Apr 2026	Read·.md
11	Change Management Policy Change classification, approval gates, deployment controls, rollback requirements.	v1.0	15 Apr 2026	Read·.md
12	Network Security Policy Cloud-first perimeter, firewall standards, API protection, DDoS mitigation, vulnerability scans.	v1.0	15 Apr 2026	Read·.md

Download full policy index (Markdown)