Security Policy
ITK recognizes the critical importance of safeguarding confidential information and takes a comprehensive approach to protecting data, both on-premises and in the cloud. This policy applies to everyone accessing ITK systems, including employees, contractors, and partners.
A well-defined governance structure is established, outlining clear information security roles and responsibilities. Regular risk assessments are conducted to identify and mitigate potential threats, ensuring the policy is continuously reviewed and updated to reflect evolving threats and business needs.
Physical Security: Access to sensitive areas is controlled through robust physical security measures, and we adhere to the principle of least privilege, granting access on a need-to-know basis.
Access Control: Multi-factor authentication (MFA) and role-based access controls (RBAC) enhance our access control framework, supported by regular reviews.
Data Protection: All data is encrypted both at rest and in transit to maintain confidentiality. Data is classified based on sensitivity, with stricter controls applied to critical and personally identifiable information. We employ Endpoint Detection & Response (EDR), Mobile Device Management (MDM), and Data Loss Prevention (DLP) solutions to prevent unauthorized disclosure.
Network Security: Robust network security controls are implemented to defend against cyber threats, including firewalls, intrusion detection systems (IDS), vulnerability patching, and continuous monitoring of both on-premises and cloud environments.
Incident Response: A well-defined incident response process ensures a coordinated and rapid reaction to security incidents. Proactive threat intelligence gathering and analysis enable us to adapt security measures and mitigate risks effectively.
Compliance: ITK adheres to all relevant information security and privacy laws and regulations. Regular security awareness training is provided to educate employees on information security risks and best practices.
Business Continuity: We ensure the continuity of our operations by extensively training our personnel on in-house information security policies, procedures, and disaster recovery plans, while also guiding our clients on the principles of our Information Security Management System.