# WiBiz Security Policy Framework — Index

**Digital Benefits Pte Ltd (trading as WiBiz)**
**Document Version:** v1.0
**Effective Date:** 15 April 2026
**Next Review:** 15 April 2027
**Classification:** Internal
**Owner:** Nicklaus D'Cruz, CEO

---

## Purpose

This index is the master reference for WiBiz's information security policy framework. All 12 policies in this directory operate under the master Information Security Policy and collectively establish WiBiz's security posture for Trust Center publication, SOC 2 readiness, and ISO 27001 alignment.

## Policy Framework

| # | Policy | File | Scope Summary |
|---|---|---|---|
| 01 | Information Security Policy (Master) | `WiBiz_Information_Security_Policy_v1.0.md` | Governance, roles, risk, compliance umbrella |
| 02 | Data Protection & Privacy Policy | `WiBiz_Data_Protection_Privacy_Policy_v1.0.md` | PDPA, GDPR, data classification, subject rights |
| 03 | Access Control Policy | `WiBiz_Access_Control_Policy_v1.0.md` | RBAC, MFA, provisioning, reviews |
| 04 | Encryption Policy | `WiBiz_Encryption_Policy_v1.0.md` | AES-256 at rest, TLS 1.2+ in transit, key mgmt |
| 05 | Incident Response Plan | `WiBiz_Incident_Response_Plan_v1.0.md` | P1–P4 classification, IRT, PDPC notification |
| 06 | Business Continuity Plan | `WiBiz_Business_Continuity_Plan_v1.0.md` | BIA, RTO/RPO, backup, DR scenarios |
| 07 | HR Security Policy | `WiBiz_HR_Security_Policy_v1.0.md` | Screening, training, onboarding/offboarding |
| 08 | Vendor Risk Management Policy | `WiBiz_Vendor_Risk_Management_Policy_v1.0.md` | Vendor tiers, DPAs, reviews, offboarding |
| 09 | Acceptable Use Policy | `WiBiz_Acceptable_Use_Policy_v1.0.md` | Device, data, social, BYOD, prohibited acts |
| 10 | Data Retention & Disposal Policy | `WiBiz_Data_Retention_Disposal_Policy_v1.0.md` | Retention schedule, disposal, deletion requests |
| 11 | Change Management Policy | `WiBiz_Change_Management_Policy_v1.0.md` | Change classification, approvals, rollback |
| 12 | Network Security Policy | `WiBiz_Network_Security_Policy_v1.0.md` | Cloud-first, firewalls, API, DDoS, scans |

## Review Schedule

All policies are reviewed annually. Unscheduled reviews are triggered by:
- Material changes to WiBiz systems or architecture
- Security incidents (P1 or P2)
- Regulatory changes (PDPA, GDPR, HIPAA, MAS)
- Major client onboarding in a new regulated vertical

## Approval

All policies approved by Nicklaus D'Cruz, CEO. Version control via Git. Signed copies maintained in `WiBiz OS/05 Operations/Security Policies/_Signed/`.